Heavy forwarder of light forwarder?

Just to confirm, the current version of Splunk for WAS can be installed on a universal forwarder. There is no dependency on a heavy forwarder. The installation scripts for the latest release are Java based and only depend on the Java version on your WAS box. Product versions prior to the latest release had a dependency on the heavy forwarder ONLY if you you wanted to run the installation scripts. The scripts were Python based and Python was only bundled with the heavy forwarder. I hope this provides some clarity.

What to install where

• Splunk App for WebSphere Application Server (splunk_app_was-2.0.1-133054.tar.gz) - Download and install this App on Splunk indexers and /or search heads.
• Splunk Forwarder Add-on for WebSphere Application Server (splunk_forwarder_addon_was-2.0.1-133049.tar.gz): Download and install this Add-on onto a Splunk forwarder installed on a WAS machine to collect log and configuration data. NOTE: You don't have to stop the forwarder, but sometimes it's easier to do things this way so that you remember to restart it after deploying the Forwarder Add-on so that the changes take effect.
• Splunk FA Add-on for WebSphere Application Server (splunk_fa_addon_was-2.0.1-133049.tar.gz) Install this FA Add-on on a Splunk indexer or a non WAS box with a Splunk forwarder installed.

About the install script

CreateInputs.jar is a Java based command line tool that automatically creates the inputs.conf file for you in $SPLUNK/etc/apps/splunk_forwarder_addon_was/local. Run it on your WAS box. You must have:

• JRE version 1.5 or later installed on your WAS box. You can use the Java version included with WebSphere, located in /opt/IBM/WebSphere/AppServer/java/bin/java. You can also use any installed Java version. The tool has been tested with JRE version1.5 and above.
• Know the host name of the WAS box. Get the correct host name for the WAS box from the serverindex.xml file stored under any profile. It must be of the format that WebSphere uses to store it. For example, you can find it in /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/cells/splunkwasCell01/nodes/splunkwasCellManager01/serverindex.xml.
• Know the installation path to the WAS profiles on this WAS box.Find the profile directory of your WAS installation on the WAS box, for example, /opt/IBM/WebSphere/AppServer/profiles.

To populate your views and drop-downs

After installing the components, did you run the following saved searches in Splunk App for WAS?

• In the Views menu, click Saved searches, then click setup_dropdown
• In the Views menu, click Saved searches, then click setup_log

I'm at just about the same setup spot as you. The CreateInputs.jar needs to run on a machine running WebSphere. From there, you can take the produced inputs.conf, edit as necessary, and add that into your app pushed via deployment server. This appears to work fine on a UF, because the java program replaces some Python that existed prior.