Unfortunately I don't have enough time right now to work on this project.
The problem here is that Universal Forwarders don't ship with Python bundled in, as full install does and secondly, this app makes use of some internal python libs that also would need to be installed in order to run the app.
The solution would be to 1. install Python interpreter on Uni Fwder; 2. rewrite those inputs to cut on using those internal libs and use some python sdk instead.
I haven't tried that, but in theory, since it's just missing some libs, we could copy them from the full Splunk and make them available on the forwarder. You'll need Python-2.7/Lib/site-packages/splunk directory to be seen by your Python interpreter as 'splunk'. You can add the splunk folder path to PYTHONPATH environment variable for this: https://docs.python.org/3/using/cmdline.html#envvar-PYTHONPATH
Again, not sure if this would work, but worth a try.
... View more