Use Deploy Monitor app(All Forwarder View) for checking which are the forwarders sending data.
In inputs.conf mention the ip address which should only be accepted from.
acceptFrom = <network_acl> ...
* Lists a set of networks or addresses to accept connections from.
These rules are separated by commas or spaces
* Each rule can be in the following forms:
* 1. A single IPv4 or IPv6 address (examples: "10.1.2.3", "fe80::4a3")
* 2. A CIDR block of addresses (examples: "10/8", "fe80:1234/32")
Thanks
If you have configured Splunk to listen to udp:514, then you did configure Splunk to collect data on any server that sends syslog data on udp:514.
If you browse the syslog, you should be able to see host field. You can get IP of the server by doing nslookup.