Splunk Enterprise Security

COMPLEX migration and architecture. Please help validate.

damode
Motivator

Current state: we have the Splunk instances below, running version 6.5.2

  1. 1 x Splunk ES
  2. 1 x Indexer (Physical SBOX which is managed device)
  3. 2 x Heavy Forwarders

The indexer also has the shared role of DMC/LM/DS.

The plan is to

  • Move away ASAP from the current indexer and start sending all logs to two new indexers (not in a cluster). However, the expectation is to still keep the current indexer until all the existing data eventually ages out.
  • Upgrade Splunk instances to 7.3.X

So the expected future state would be:

  1. 1 x Splunk ES (OLD, will be upgraded to 7.3.X)
  2. 1 x Splunk Search Head (NEW, regular non-ES, 7.3.X)
  3. 1 x Indexer (OLD, 6.5.2; this cannot be upgraded due to unknown reasons)
  4. 2 x Indexers (NEW, 7.3.X)
  5. 2 x HFs (OLD, will be upgraded to 7.3.X)
  6. 1 x DS/LM/DMC (NEW, 7.3.X)

I have two main queries:

  1. This link states that to deploy add-ons to indexers in a complex deployment, one that includes search heads with ES and without, one should contact Splunk Prof Services. What are the important considerations, other than storage on the new indexers, if I want to do this myself?
  2. Mainly, even though this link states that 7.x search heads are compatible with 7.x and 6.x search peers, I wonder how the apps and add-ons on the OLD indexer (6.5.2) would be compatible with the Splunk ES apps/add-ons when it's upgraded to 7.3.x?

woodcock
Esteemed Legend

1: The main thing is to have quick access to technical help in case anything goes as planned. There is no "magic playbook" or anything like that. Expect at least 1 big head-scratcher along the way. Be sure that you are in the community Slack.
2: Upgrade all the apps on the old indexer to match the ones on the new indexers. The only features that will be incompatible are write features, but the old indexer will be read-only. The only exception is the SRS features described here (make sure that you use legacy settings):
https://www.google.com/url?sa=t&source=web&rct=j&url=https://static.rainfocus.com/splunk/splunkconf1...

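As an added example for point 2 above (this is not code from the thread or from Splunk): a small Python check that compares app versions between the old indexer's apps directory and a new indexer's, so that any add-on left behind on the 6.5.2 search peer shows up before the search heads are upgraded. The two app inventories are constructed samples, and the script builds the directory layout itself in a temp dir, mirroring $SPLUNK_HOME/etc/apps/<app>/{default,local}/app.conf, where Splunk records an app's version under the [launcher] stanza.

```python
import configparser
import tempfile
from pathlib import Path

# Constructed sample inventories (not real deployment data): app name -> version
OLD_INDEXER_APPS = {"Splunk_SA_CIM": "4.9.0", "Splunk_TA_windows": "4.8.3", "TA-old_custom": "1.0"}
NEW_INDEXER_APPS = {"Splunk_SA_CIM": "4.15.0", "Splunk_TA_windows": "6.0.0", "Splunk_TA_nix": "7.0.0"}

def build_sample_tree(root, apps):
    """Create <root>/<app>/default/app.conf per app, standing in for $SPLUNK_HOME/etc/apps."""
    for name, version in apps.items():
        conf_dir = Path(root) / name / "default"
        conf_dir.mkdir(parents=True, exist_ok=True)
        (conf_dir / "app.conf").write_text(f"[launcher]\nversion = {version}\n")

def read_app_versions(apps_dir):
    """Return {app: version} from [launcher] version in app.conf; local/ overrides default/."""
    versions = {}
    for app in sorted(p for p in Path(apps_dir).iterdir() if p.is_dir()):
        version = None
        for layer in ("default", "local"):  # Splunk precedence: local wins over default
            conf = app / layer / "app.conf"
            if conf.is_file():
                parser = configparser.ConfigParser(interpolation=None, strict=False)
                parser.read(conf)
                version = parser.get("launcher", "version", fallback=version)
        versions[app.name] = version
    return versions

def compare_apps(old_versions, new_versions):
    """List (app, finding, old_version, new_version) for every app that differs between sides."""
    findings = []
    for app in sorted(set(old_versions) | set(new_versions)):
        old_v, new_v = old_versions.get(app), new_versions.get(app)
        if old_v is None:
            findings.append((app, "missing on old indexer", old_v, new_v))
        elif new_v is None:
            findings.append((app, "missing on new indexer", old_v, new_v))
        elif old_v != new_v:
            findings.append((app, "version mismatch", old_v, new_v))
    return findings

def run_parity_check():
    """Build both sample trees in a temp dir and return the parity report."""
    with tempfile.TemporaryDirectory() as tmp:
        old_dir, new_dir = Path(tmp) / "old_idx", Path(tmp) / "new_idx"
        build_sample_tree(old_dir, OLD_INDEXER_APPS)
        build_sample_tree(new_dir, NEW_INDEXER_APPS)
        return compare_apps(read_app_versions(old_dir), read_app_versions(new_dir))
```

Against a real deployment, point read_app_versions at each host's $SPLUNK_HOME/etc/apps (copied locally) instead of the sample trees; every "version mismatch" or "missing on old indexer" row is an app to upgrade or install on the old search peer before it serves the 7.3.x search heads.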