Do remember that raw data (if batch pipeline used) would still contain the IP address in S3. You might want to set up life cycle rules to get the data flushed after a reasonable number of days.
OK, so my original question was regarding filtering events.
Let’s say that we want to use a field that is not being used by us, e.g. ip_organization.
Many thanks @ihor, this was really helpful.
I didn’t know that the event is mutable.
We don’t have the PII enrichment, but the IP anonymization enrichment.
At start it didn’t work because of this enrichment, but once I removed it everything was as expected.
I added the IP anonymization logic to my JS script.