Hi

I'm not sure what you are meaning with "publish your own program to splunk"? If it means Your own Splunk App then you just create it on splunk or install it with Splunk GUI. If you are meaning onboarding logs from your own business system then it depends how those are logging. But basically those are quite simple. Just look if there are already done Splunk App/TA for it on splunkbase.splunk.com or just do onboarding by yourself of ask some Splunk Partner to do it and train you at same time. https://docs.splunk.com/Documentation/Splunk/latest/Data/WhatSplunkcanmonitor

EPS/QPS depends what kind of logs you have and which kind of queries you are doing. Also how much data you are ingesting daily base. If you are setting splunk into on premise or own AWS (etc.) environment, then here is some instructions to select correct hardware https://docs.splunk.com/Documentation/Splunk/latest/Capacity/IntroductiontocapacityplanningforSplunk... If you are going to Splunk Cloud then contact some local Splunk Partner and they will help you to correctly sized SC environment.

Absolute minimum configuration is one server which has both indexer and search head capabilities. But this is totally dependant how much data you are ingesting per day and how many source systems will feed it and how you are managing those. In general cases (more than xx GB/day) I propose separate SH (search head) then 1-2+ node index cluster with manager and separate DS (deployment server) to manage input configurations. Of course if you are using to use Splunk premium apps (like ES or ITSI) then there are some more items which need to take into your calculations.

r. Ismo