Found the problem, and fixed. INFO KeyManagerSearchPeers [601811 TcpChannelThread] - Sending SHC_NODE_HOSTNAME public key to search peer: https://OLDIDX:8089
ERROR SHCMasterPeerHandler [601811 ...
See more...
Found the problem, and fixed. INFO KeyManagerSearchPeers [601811 TcpChannelThread] - Sending SHC_NODE_HOSTNAME public key to search peer: https://OLDIDX:8089
ERROR SHCMasterPeerHandler [601811 TcpChannelThread] - Could not send public key to peer=https://OLDIDX:8089 for server=SHC_NODE_HOSTNAME (reason='') Inside the SHC nodes, there was a node to which, probably, time ago, i copied the "distsearch.conf" manually, without deleting all previous peers in UI or restarting with a clean empty "distsearch.conf". So previous peers remained "as artifacts" (inside a system kv table?), and splunkd read them as active also if not present nor visible in "distsearch.conf" or in UI DistSearch Panel. Simple solution, from a SHC node UI, Delete all peers, one by one (the delete sync with other nodes) Insert again all peers, one by one (the insert sync with other nodes) After a clean restart, WARNINGS messages with old IDXS/PEERS went away. So, it was a real artifact, i presume inside a system kv table, since on fs no .conf contains them !!! 🤷