However, all the indexers throw this spurious error, that doesn't seem to impact the results.
[indexer1.mydomain.com] External search command 'ldapsearch' returned error code 1. Script output = " ERROR "KeyError at ""/opt/splunk/var/run/searchpeers/B8AB8EAB-1DD4-42C8-83DE-945995C604D4-1592589919/apps/SA-ldapsearch/bin/packages/splunklib/client.py"", line 1653 : u'ldap'" "
When I login directly to my indexers and execute the same ldap search locally, I don't receive any errors.
SA-ldapsearch is configured on both indexers and searchheads. Each one has valid ldap.conf and passwords.conf and present in $SPLUNK_HOME$etc/apps/SA-ldapsearch . I am able to AD authenticate on all of the machines.
Any idea why I am getting these spurious errors thrown on the searchheads but not the indexers?