I'm currently running Splunk version 5.0.4 across 2 servers. One server is acting as the indexer & search head. The other is the heavy forwarder & deployment server. These are running on Windows 2008 R2 platform.
It has been deemed necessary to upgrade the Splunk version.
What is the recommended version to upgrade to from 5.0.4?
Will this version install over the existing version of Splunk installed without effecting any data or reports etc that have been created?
Will any of the universal forwarders require an upgrade also?
We have the S.o.S - Splunk on Splunk app installed currently, would this be affected?
Just to add to hunters' great answer and to address your question about S.o.S. - Splunk on Splunk:
According the S.o.S Splunkbase page, as of Splunk Enterprise 6.3, this app is End of Life. It has been replaced and superseded by the Distributed Management Console (DMC). But now as of 6.5.0, the DMC is now known as the Monitoring Console.