I am not sure I understand the question though it sounds like you have a very specific "thing" you want to ask about, so let me try to get some more clarity. Please note none of this is critical, just questioning. Sometimes terminology is our only real problem.
Yes, Splunk can aggregate data as you mention. It does this in a very sane and predictable manner and ends up with the numbers you would expect. [see note 1]
So, what database tables would it match or not match? Splunk's own? (It doesn't use a database as you think of it, but if it didn't match its own data then something's very wrong). Some other DB? (In which case yes, it would, anything else would mean something's broken as well). [also see note 1]
"Should the application ensure that logging mechanisms should be in place?" Could you describe this more fully? What application, what logging mechanisms, and to what effect would they be put to? Why wouldn't this BE the primary data source Splunk is ingesting? [see note 2]
If you have a more specific question to ask, like about a certain type of data you may want to use Splunk for, just ask!
Note 1: Average, sum, and much more complex calculations can be done and they do what you'd expect. There's a whole list of statistical and charting commands available. There's a whole list of search commands available, too (look down the left of that link) (to handle events with multiple values, to generate stream statistics instead of time-chunk or overall statistics, to create and read lookup files to maintain some certain types of data, to extract more information, to group things in various ways and about a thousand other things). When you run out of those, you can continue building complexity (or simplifying!) using eval and its myriad options. You can build data models or summary statistics, each or which is a whole lengthy topic in itself but can perform calculations, rollups and all sorts of wonderful things. All this to be able to slice and dice and present your data in an understandable, useful way in a chart, graph, dashboard, or wherever. With right numbers. 🙂
This data all gets indexed, stored, parsed, transformed and normalized to various extents to ... well, do whatever you want. Often it's to sort of "homogenize" it so that you can search and correlate various pieces of data together. Like if you rename user, Username, User Name, UserName, Name, OperatorName and so on all to "user" (or whatever), then have various lookup files to indicate which user each actually points to so that you can report on what Jane Smith is doing, everywhere, regardless of what her username may be in disparate systems. Sometimes it's not homogenized but stored for audit trails - the monitoring of which is SO much easier in Splunk! The purposes are endless.
And that's only the smallest sliver of what you can do! Sorry, I may have gotten excited there, please excuse me. 🙂