Hi @dimoobraznii
A lot of your questions can be answered by going through Splunk's documentation. It sounds like you have yet to download and play with Splunk. The best I advice I have for you as of now is to go through the Search Tutorial documentation from start to finish and once you have your basic questions answered, then post more specific use case questions you have here on Answers.
http://docs.splunk.com/Documentation/Splunk/6.1.3/SearchTutorial/WelcometotheSearchTutorial
... View more