My company does upgrade to the latest version for at least 3 maintenance versions for Splunk, as earlier versions may have some bugs. We're currently on DB Connect version 1.1.7 and would like to upgrade to 2.x or higher. What would be the best version to upgrade to?
If you have to stay in 2.x, I would go with 2.4.
If you can go to 3.x I would do that as it has some major performance/design enhancements.
Splunk DB Connect 3.0 is a major release to one of the most popular Splunk add-ons. Splunk DB Connect enables powerful linkages between Splunk and the structured data world of SQL and JDBC. The major improvements of this release are:
Performance improvement. Under similar hardware conditions and environment, DB Connect V3 is 2 to 10 times faster than DB Connect V2, depending on the task.
Usability improvement. A new SQL Explorer interface assists with SQL and SPL report creation.
Improved support for scripted configuration, via reorganized configuration files and redesigned checkpointing system. Note that rising column checkpoints are no longer stored in configuration files.
Stored procedures support in dbxquery.
Retry policy on scheduled tasks is improved (no more need for auto_disable).
Either way be sure to check out the release notes/known issues here: http://docs.splunk.com/Documentation/DBX/latest/ReleaseNotes/Releasenotes
I'd strongly recommend skipping 2.x entirely, and going straight to 3.0... Except for one reason, to soften the blow from leaving 1.x and to appreciate 3.0 more - then you should indeed go to 2.x first.
I agree, v3 is where I would go, especially if the known issue about some add-ons not being supported doesn't affect you.