This is fully supported. Refer to the documentation on configuring distributed search in order for your SH to use the indexer.
You can mix-and match HW and OS anywhere and it should work fine. The only exception is that if you use a Windows Deployment Server for Linux Forwarders, you are likely to have problems with permissions.
No, i have a windows indexer which contains also the deployment server and i would like to add a linux search head for the entreprise security app
Isn't the Windows Deployment Server for Linux Forwarders even worse? That's what we had in my last place and it was breaking the permission model every single time a deployment was made, so we ended up scripting a fix for it.
I thought this wasn't the case on a Linux Deployment Server for Windows Forwarders?
What is the alternative then? Have two deployment servers one for Windows and one for Linux?
There is one other notable exception: If you are using indexer clustering, all indexers must be at the same OS flavor and version AND Splunk needs to be at the exact same version on all peer nodes as well.
So you can't have five Windows boxes and two Linux servers be part of a cluster. But no sane person would consider doing that anyway....
I would generally try to stick with a homogeneous search, indexing & management environment as much as possible (preferably Linux) for all kinds of reasons.