PFSense GOK Filter Breaks All Filters

Currently I have a very vanilla configuration and im having some trouble adding a GOK filter for PFSense. Currently I have an input:

input {
  #pfSense Firewalls
  tcp {
    type => "pfSense"
    port => "5002"
  }

  #Windows Servers
  tcp {
    type => "WindowsEventLog"
    port => "5003"
    codec => "json"
  }


  #tcp syslog stream via 5140 Local firewall forwards TCP/UDP port 514 to 5140
  tcp {
    port => 5140
    type => "Syslog"
  }
}

input {
  #udp syslogs tream via 5140 Local firewall forwards TCP/UDP port 514 to 5140
  udp {
    port => 5140
    type => "Syslog"
  }
}

I have a syslog filter that adds a Type if the host has an IP that is defined:

filter {
  if [type] == "Syslog" {
    if [host] =~ /192\.168\.56\.1/ or [host] =~ /192\.168\.56\.2/ or [host] =~ /192\.168\.56\.3/ or [host] =~ /192\.168\.56\.4/ {
      mutate {
        replace => { "type" => "pfSense" }
      }
    }
    if [host] =~ /192\.168\.59\.253/ {
      mutate {
        replace => { "type" => "Fortinet" }
      }
    }
  }
}

And then I have my PFSense filter that I want to use to parse out the message:

filter {
  if [type] == "pfSense" {

    if [host] =~ /192\.168\.56\.1/ {
      mutate {
        add_field => {
          "Hostname" => "p-fw-1.ucdsvm.ucdavis.edu"
        }
        add_tag => ["PFSense"]
      }
    }

    if [host] =~ /192\.168\.56\.2/ {
      mutate {
        add_field => {
          "Hostname" => "p-fw-2.ucdsvm.ucdavis.edu"
        }
        add_tag => ["PFSense"]
      }
    }

    if [host] =~ /192\.168\.56\.3/ {
      mutate {
        add_field => {
          "Hostname" => "svmfw01.vetmed.ucdavis.edu"
        }
        add_tag => ["PFSense"]
      }
    }

    if [host] =~ /192\.168\.56\.4/ {
      mutate {
        add_field => {
          "Hostname" => "svmfw02.vetmed.ucdavis.edu"
        }
        add_tag => ["PFSense"]
      }
    }

  }
}

I want to add the following to the PFSense filter but no matter how I do it Elasticsearch immediately stops seeing all data. Even from all of my Windows and Linux hosts, which is totally bizarre to me as they should never be impacted by the filter as they dont meet the IF statement requirements:

filter {
  if "PFSense" in [tags] {
    grok {
      add_tag => [ "firewall" ]
      match => [ "message", "<(?<evtid>.*)>(?<datetime>(?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Oct(?:ober)?|Nov(?:ember)?|Dec(?:em$
    }
    mutate {
      gsub => ["datetime","  "," "]
    }
    date {
      match => [ "datetime", "MMM dd HH:mm:ss" ]
    }
    mutate {
      replace => [ "message", "%{msg}" ]
    }
    mutate {
      remove_field => [ "msg", "datetime" ]
    }
}
if [prog] =~ /^filterlog$/ {
    mutate {
      remove_field => [ "msg", "datetime" ]
    }
    grok {
      patterns_dir => "./patterns"
      match => [ "message", "%{LOG_DATA}%{IP_SPECIFIC_DATA}%{IP_DATA}%{PROTOCOL_DATA}" ]
    }
    mutate {
      lowercase => [ 'proto' ]
    }
     geoip {
     add_tag => [ "GeoIP" ]
     source => "src_ip"
    }
  }
}

Anyone have any thoughts as to whats going on?