Thanks for reply , i have read this and confusion in mind , here need data from hosts only , not from indexer and search head , but in that case i have to install app on both indexer and search head ?. can it have some logic ?

I am not sure I understand your question. If you don't understand the basic tiers of a Splunk deployment and what the function of each of them is (forwarder, indexer, search head), then you should learn that before you try to install an add-on, especially in a distributed deployment.

You have to install the add-on onto your indexers that are receiving data from your Linux hosts.

You have to install the add-on onto your search heads so you can search the indexed data.

You have to install a universal forwarder and the add-on onto each of your Linux hosts, so they can send the data to the indexer.

Thanks
i have put app under master indexer and push and updated and install on SH , add on forwarder but while configuring it require remote server URL , is it for master or any one

we need to install on which from we need data add on and on indexer and search head we need app.

I'm also having trouble following the question here. Specifically, I can't imagine where "remote server URL" came into play. If you can be super specific and show us what step of what page in the instructions you are running into a challenge then I'm sure we can help.