Your question is reasonable for a newbie. Yes, an indexer is an instance of Splunk installed on a server.

What I find daft is that your taskmaster thought it reasonable to assign this to someone who knows nothing about Splunk. Normally, installing ES is a 3-week Professional Services engagement. UBA is additional. While a DIY installation is possible by someone familiar with Splunk, I would not expect someone new to be successful at it. Given the cost of ES, it really makes sense to bring in an expert to get it right the first time. I'm surprised Splunk did not include PS time in the sale of ES.

I don't know enough about UBA to answer questions about it.

The number of indexers you need is based on the amount of data you will be ingesting. For ES installations, Splunk recommends 80-100 GB/day/indexer. That accounts for indexing incoming data as well as performing searches on that data.