/
Scenario 1: Apply a fixed tag to all events

Scenario 1: Apply a fixed tag to all events

The simplest scenario involves assigning a single, fixed Devo tag to all events that are received on a given relay port. For this rule, we only need to specify the Source port and the Target tag.

Create the rule

  1. Identify the Source port on which the relay will receive the inbound events. It is good practice to dedicate a single port to a single event source.

  2. Enter the Devo tag in the Target tag field.

  3. (optional) Select the Stop processing checkbox if you don't want the event to be subject to any subsequent relay rules. If this is the only rule that will run on events received on the specified port, this is not necessary.

Take for example...

The rule for processing log events sent from the Bluecoat ProxySG fits this scenario. The events will be received on port 13005 and the Devo tag to apply to these events is proxy.bluecoat.proxysgSent without syslog tag is selected because the inbound events do not contain syslog tags in the headers. Since Stop processing is not selected, we can assume that this port is reserved exclusively for the Bluecoat ProxySG events so no other rules are going to be applied to these events.

To learn about the fields in the relay rule form, check out the Defining a relay rule article.

Related articles

Related content

Scenario 1: Apply a fixed tag to all events
Scenario 1: Apply a fixed tag to all events
More like this
Scenario 1: Apply a fixed tag to all events
Scenario 1: Apply a fixed tag to all events
More like this
Scenario 2: Apply a Devo tag based on data found in the inbound event
Scenario 2: Apply a Devo tag based on data found in the inbound event
More like this
Scenario 2: Apply a Devo tag based on data found in the inbound event
Scenario 2: Apply a Devo tag based on data found in the inbound event
More like this
Scenario 2: Apply a Devo tag based on data found in the inbound event
Scenario 2: Apply a Devo tag based on data found in the inbound event
More like this
Scenario 4: Assign dynamic Devo tag using inbound source data
Scenario 4: Assign dynamic Devo tag using inbound source data
More like this