...
You'll notice that the event contains no specific Devo tag. This is because Devo uses a different process to ingest these events. When a CEF Syslog event is sent to the platform, Devo recognizes CEF as the tag, then it proceeds to read the device vendor and device product values from the event's header. The event is then saved to a table with the name cef0.device_vendor.device_product.
So, are we saying that you can send any data to Devo in CEF Syslog format? Yes and no. Yes, because Devo will ingest the events and save them in a file determined by the date and key event fields. However, if Devo is not yet equipped with a parser for that specific event type, a table name will not subsequently appear in the Finder and you won't be able to access the data. So, yes Devo will ingest the data but a parser file is necessary in order to be able to access the data table and parse the events for display.
...