When run from a Splunk search head, this search returns every sourcetype seen in indexed data for which no app on that search head provides configuration. Definitions that exist only in the "system" or "learned" apps do not count.
For example, if it returns WinEventLog, you should download the Windows TA to perform search-time parsing for these events.
| tstats c where index=* by sourcetype
| append
    [| rest /services/saved/sourcetypes splunk_server=local
    | fields title eai:acl.app
    | rename title as sourcetype, eai:acl.app as app
    | search (NOT app IN ("system", "learned"))]
| stats c values(app) as app by sourcetype
| where c=1 AND isnull(app)
| fields - c app