of course, keep in mind I'm not all that familiar with splunk config. This splunk infrastructure was passed down to me.

I installed PureStorage app and the TA. They were installed on a indexer and heavy forwarder, our infrastructure consists of 6 indexers, 6 search heads, 1 cluster master, 1 deployment server, and 2 heavy forwarders. To answer your inputs question, how do I look that up? is it under the installed app (inputs.conf). Where do I look for issues in the logs? is it the ones in splunkhome/var

And, yes...I can see the data on the appliances and splunk would just feed off of that I suppose

The app should be installed on all search heads.  Install the TA on both heavy forwarders.

Inputs will be defined in the TA under $SPLUNK_HOME/etc/apps/<app-name>/default/inputs.conf and $SPLUNK_HOME/etc/apps/<app-name>/local/inputs.conf.  You may also find it in the HF's UI under Settings->Data inputs.

The best way to look at the logs is by using Splunk.  Search for 

index=_internal source="*splunkd.log"

Have you seen the Inherited Deployments manual at https://docs.splunk.com/Documentation/Splunk/7.3.0/InheritedDeployment/Introduction ?

Thanks for the information.

This is what I'm getting from the logs

ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/PureStorage-TA/bin/PureStorage_rest.py" /opt/splunk/etc/apps/PureStorage-TA/bin/requests/packages/urllib3/connectionpool.py:768: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html

how do I go about fixing this?