I have recently configured a new Splunk Enterprise environment and I need to configure a search peer on my head instance. As i'm using puppet to configure all my instances, i'm doing this by adding the following to /opt/splunk/etc/system/local/distsearch.conf on the search head.
I'm also copying the trusted .pem file from the search head to the right folder on the peer. as per the documentation. I'm using our own IPA certificate to encrypt traffic between the instances. However after I restart Splunkd on both I get the following errors in the splunkd.log on the search head: