Categorization is used to process unstructured text, not to deal with fields like IP addresses. You can just apply rare to the IP address by setting the IP address as the by_field. See this older article for examples.
Also, see this other idea about only analyzing the first octet of IP addresses