1: Yes, but then use this as your ONLY method of deploying configuration changes.
2: You should unpack them, but not by manually with tar. There is potentially MUCH more that happens when some complicated apps are installed (like SecKit* and SideView Utils) and you will BREAK the app if you just untar. Instead ALWAYS use $SPLUNK_HOME/bin/splunk install
3: That app should just have an outputs.conf file.
1) Yes, but why do that? Using the CM means not having to install apps on each indexer separately. It also avoids the potential conflict if the same app is both locally-installed and CM-installed.
2) Yes, untar the app in master-apps.
3) The sendtoindexer app is installed on forwarders. It should be placed your deployment servers's deployment-apps directory and deployed to the appropriate forwarders. The outputs.conf file will contain the addresses for your indexers. Alternatively, if you're using Indexer Discovery the file will contain the address of your cluster master.
--- If this reply helps you, an upvote would be appreciated.