I am working on troubleshooting an issue where data from a particular sourcetype is not getting parsed correctly. I came across this page under Settings -> Sourcetypes and want to understand what exactly it tells us. When I look at the sourcetypes listed on this page, several are missing even though we can see data in Splunk for those sourcetypes. If I run index=* | stats count by sourcetype, all of them are listed, but many from that list won't show up on that page. I checked on both the search head and the indexer but got the same results.

E.g., we are getting Windows Event Log data from the 4 common sources, i.e. Application, Security, System and Setup. But when I check under Settings -> Sourcetypes, only Application and Security are listed, and the app assigned to them is splunk_app_windows_infrastructure. What happened to the other two sourcetypes (System/Setup) for which we are getting data?


But we are getting data for all the sources.



