I would like to use 8514 for the pfsense logs. as I have other hosts syslogs to 514. when i set up an input to the indexer on port 8514 pfsense source type dose not appear.
solved this issue. PFsense service had to be restarted before the port change would take effect.
solved this issue. PFsense service had to be restarted before the port change would take effect.
I think this qualifies as an answer, and since it's the right answer, you should accept it for yourself. I have converted it to an answer for you already so I did the easy part. 🙂
(If done all the time accepting your own answers is not ideal, but occasionally accepting your own answer when it's The Right Thing is completely fine!)
Post an example of your inputs.conf please.
And also a netstat to see whether splunk is actually listening on this port.