...

To handle a few common inbound event types, all in-house relays have four predefined rules. Three of these are designed to receive events from specific sources incapable of applying tags, and the fourth rule simply acts as a forwarder for events that are already tagged. These predefined rules use ports 12999-13002, so you cannot use these ports for custom rules.

...

  1. Log into your Devo account.

  2. Go to Administration → Relays and click the relay name to open the relay details window on the Relay Input (Rules) tab.

  3. To set up a new rule, click the Add Rule button.

  4. The Rule Definition window opens. Set up your new rule:

    1. Type a unique Rule name for your new rule.

    2. (optional) Enter a Description. It is not mandatory, but adding one is good practice.

    3. Identify the Source port on which the relay will receive the inbound events. It is good practice to dedicate a single port to a single event source. Example: If you are setting up the Alarm Feed, you should type 13003.

    4. Enter the Devo tag in the Target tag field. For example: If you are setting up the Alarm Feed, you should type proxy.zscaler.zia.alert.syslog

    5. Select the Sent without syslog tag checkbox.

    6. (optional) Select the Stop processing checkbox if you don't want the event to be subject to any subsequent relay rules. If this is the only rule that will run on events received on the specified port, this is not necessary.

    7. Click on ADD RULE to save the new relay rule.

  5. When your rules are ready, click on APPLY CONFIGURATION to send the updates to Devo Relay.



Your rule/s will be activated in your relay in no time.
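
Before entering several rules in the Rule Definition window, a planned rule list can be checked against the constraints above: the ports 12999-13002 held by the predefined rules, unique rule names, and one port per event source. The following is an added example, not Devo code; the dictionary keys, the function name and every sample rule except the Alarm Feed values are assumptions made for illustration.

```python
from collections import Counter

# Ports taken by the relay's four predefined rules (range stated on this page).
RESERVED_PORTS = range(12999, 13003)

def check_rules(rules):
    """Return (errors, warnings) for a list of planned rule dicts.

    Each dict uses hypothetical keys: name, source_port, target_tag.
    """
    errors, warnings = [], []
    names = Counter(r["name"] for r in rules)
    ports = Counter(r["source_port"] for r in rules)
    for r in rules:
        name, port, tag = r["name"], r["source_port"], r["target_tag"]
        if names[name] > 1:
            errors.append(f"{name}: rule name is not unique")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            errors.append(f"{name}: {port!r} is not a valid port")
        elif port in RESERVED_PORTS:
            errors.append(f"{name}: port {port} is used by a predefined rule")
        elif ports[port] > 1:
            # Allowed, but the page recommends one port per event source.
            warnings.append(f"{name}: port {port} is shared with another rule")
        if not tag or tag != tag.strip():
            # A pasted tag with stray whitespace would not match the intended tag.
            errors.append(f"{name}: target tag is empty or padded with spaces")
    return errors, warnings

# Constructed sample plan; only the first entry uses values from the page.
PLAN = [
    {"name": "zia-alarm-feed", "source_port": 13003,
     "target_tag": "proxy.zscaler.zia.alert.syslog"},
    {"name": "custom-a", "source_port": 13000, "target_tag": "my.app.example.a"},
    {"name": "custom-b", "source_port": 13003, "target_tag": "my.app.example.b "},
]

if __name__ == "__main__":
    errs, warns = check_rules(PLAN)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```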