Does this give you what you are looking for?

index=* sourcetype=* | fields host, sourcetype | sort host | cluster | stats count by host, sourcetype | fields host,sourcetype

The data in that panel is coming from a search starting with |metadata type=host. This metadata is not simultaneously differentiated by host and by sourcetype (the left panel is sourcetype, ignoring host, the right panel is host, ignoring sourcetype). I don't know offhand why you're not seeing per_sourcetype_thruput in the forwarder's logs, perhaps it doesn't get logged there.

I think you are referring to the Summary view in the Search app. This shows counts by sourcetype, but I want count by sourcetype,

I tried that, but
grep sourcetype $SPLUNK_HOME/var/log/splunk/metric*
doesn't return anything on the forwarder.

It's not doing any local indexing, but by default it's also not forwarding anything which would have landed in its _internal index (like the metrics.log) either. In any event, you might consider reading through the metrics.log directly on the forwarder itself ($SPLUNK_HOME/var/log/splunk). Instead of a Splunk search, you'll be doing a grep (for group=per_sourcetype_thruput) and some awk. My point about forwarding _internal data from the forwarder would still be useful in situations like this.

Thanks for your answer, but I think I wasn't clear enough. The heavy forwarder is not doing any local indexing. I want to know how much of each sourcetype it is sending on it's tcpout stream.

I see total volume for each forwarder, but not a breakdown of the sourcetypes coming from each forwarder.