One or two additional points to note:
The displayed ' split logging' of webfilter and app-control traffic on our systems is apparently caused by enabling web cache in the same firewall policies the webfilter profile and application control profile are added.
When using webcache in policies of the management (outer) vdom, the client vdom traffic is routed through, it creates nice logging entries for the client vdom containing all the above information.
Also, as mentioned in the forums, we have extended-utm-log enabled in the application list settings.