1) The physical display will show you "ALL" the events of you infrastructure (ACE, Receiver, ELM, McAfee EPO, and some other McAfee product if you have them)
2) Local ESM will show only the events related to the ESM (if you have only one ESM, it will give the same informations as above).
3) Receiver-ELM will show only the events collected by this receiver (if you don't have any other McAfee product, it will give you the same informations as above)
4) Correlation Rule are used to "correlate" events from different sources, a simple exemple will be the detection of brute-force : if the same user make three unsuccessful authentication and then at the fourth succeed, generate an alarm.
Normalization is different, it's the way you call your field. Let's say you want to know the "TOP 10 user" on your network, the problem is that in Windows logs it's called "username" and for cisco it's "user".
What you need is all of your equipment to have the same terminology so when you ask McAfee to show you the TOP 10 users it will take in consideration Windows and Cisco logs.
5) Signature IDs are the rules used for the parsing, and normalization ID are for normalizations rules.
6) You can upload a flat file for testing purpose, mostly to be sure that your parser is correct.
You should definitively take a look at the documentation as btkaro said you'll find a lot of useful informations.
Hope this helped and sorry for my English.
Thanks for your update its great feel to know..