Is there a list of all possible instances of hashed passwords in Splunk that are based on the splunk.secret? I'm investigating what the effort is to get our splunk.secret in sync for existing servers that don't have matching splunk.secret.
# grep -ri \$1\$. *
Care to expand on this?
This command (after you do cd $SPLUNK_HOME) will show you any file which contains a splunk-encrypted password (and a whole bunch of other binary files, *.js files and other irrelevant junk). The (properly filtered) output will show you which files WILL BREAK when you change the secret file. You then go figure out how to re-input the password for those "things". For example, many people use LDAP for authentication to get into Splunk search heads. This means that the Search Head stored credentials to access AD. This password is encrypted with the secret and stored in $SPLUNK_HOME/etc/system/local/authentication.conf as bindDNpassword. If this is the case for you, then this file will be identified by the grep command.
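As an added example (not part of the original thread), here is a filtered version of the grep above: it limits the search to .conf files under a given etc/ directory and reports the file, stanza and key whose value carries an encrypted prefix, which is the list of settings to re-enter after changing splunk.secret. The fixture paths and values are constructed; the $7$ prefix used by newer Splunk releases is checked alongside the $1$ prefix from the answer.

```shell
#!/bin/sh
# Added example. Lists Splunk .conf settings whose value starts with an
# encrypted-value prefix ($1$ legacy, $7$ newer), with file, stanza and key.
# Restricting to *.conf drops the binary/.js noise a bare grep -r produces.

find_encrypted_settings() {
  root="$1"
  find "$root" -type f -name '*.conf' | sort | while IFS= read -r f; do
    awk -v file="$f" '
      # Track the current [stanza] so each hit can be attributed to it.
      /^[ \t]*\[.*\][ \t]*$/ {
        stanza = $0
        sub(/^[ \t]*\[/, "", stanza); sub(/\][ \t]*$/, "", stanza)
        next
      }
      # key = $1$... or key = $7$... ; comment lines (# or ;) are skipped.
      /^[ \t]*[^#;=]+=[ \t]*[$][17][$]/ {
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]*/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        printf "%s\t%s\t%s\t%s\n", file, (stanza == "" ? "(default)" : stanza), key, substr(val, 1, 3)
      }' "$f"
  done
}

demo() {
  # Constructed stand-in for $SPLUNK_HOME/etc; all values below are fake.
  tmp=$(mktemp -d)
  mkdir -p "$tmp/system/local" "$tmp/apps/search/appserver/static"
  printf '[authentication]\nauthType = LDAP\n\n[ldap_prod]\nbindDN = cn=splunk,dc=example,dc=com\nbindDNpassword = $1$Zm9vYmFyYmF6\n' \
    > "$tmp/system/local/authentication.conf"
  printf '[general]\npass4SymmKey = $7$Q0hBTkdFTUU=\n# commented = $1$notreal\n' \
    > "$tmp/system/local/server.conf"
  printf '[settings]\nhttpport = 8000\n' > "$tmp/system/local/web.conf"
  # A .js file containing $1$ is exactly the noise the .conf filter removes.
  printf 'var x = "$1$looksEncryptedButIsNot";\n' > "$tmp/apps/search/appserver/static/app.js"
  find_encrypted_settings "$tmp" | sed "s|^$tmp/||"
  rm -rf "$tmp"
}

demo
```

Run it against the real tree with `find_encrypted_settings "$SPLUNK_HOME/etc"`; each reported key is one credential to re-enter in clear text after the secret file is replaced.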
I was looking for an explanation of the regex but your explanation of the issue is spot on. Still very useful for anyone stumbling upon this answer.
Also, please contact me (email is in my profile) and let me know how your research turned out (I am trying to do the same thing: sync splunk.secret on a production system already up and running).
I was able to accomplish this with little-to-no issues but I also wasn't doing it on a system with lots of additional hashed values.
I think that you should click Accept to close the question since the answer is a good (if terse) one.
Ain't my question; otherwise I would.