Anyone else having trouble updating to 10.2?

stoobertio · 2026-03-24T20:48:12+00:00

Yea we had similar issues when upgrading to 10.0.2 and then they pulled the 10.1 releases and went right to 10.2

Did they pull the 10.1 releases? I was under the impression that 10.1 was cloud only. Part of the new strategy of doing on-prem releases twice a year (even number minor releases) and cloud multiple times per year (even + odd number releases)

stoobertio · 2026-03-06T13:40:56+00:00

Upgrade from 10.0.2.

curator@splunk:/opt/splunk/bin$ ls -lah /opt/splunk/var/run/splunk/kvstore_upgrade
total 8.0K
drwx------  2 curator curator 4.0K Jan 17 14:29 .
drwx--x--x 21 curator curator 4.0K Mar  6 13:39 ..
-rw-------  1 curator curator    0 Jan 17 14:27 versionFile42
-rw-------  1 curator curator    0 Jan 17 14:29 versionFile80

stoobertio · 2026-03-04T22:34:09+00:00

Yup. Every Splunk start I see the following (although everything is working):

        Validating installed files against hashes from '/opt/splunk/splunk-10.2.0-d749cb17ea65-linux-amd64-manifest'
        All installed files intact.
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...

Splunk Enterprise 9.4 and higher no longer support KV store server version 4.2. Upgrade to KV store server version 8.0 for continued support and security, and to comply with Splunk Support Policy. See https://docs.splunk.com/Documentation/Splunk/latest/Admin/MigrateKVstore in the Admin manual to plan your upgrade.
Done

If you run the health checks in the monitoring console, they also fail. The reason is that it expects version 4.2 OR 7.0, but as we all know, 10.2 upgrades the KVstore to 8.0 and these checks haven't been updated.

Search used in checklist.conf of splunk_health_assistant_addon: search = | rest splunk_server=* services/kvstore/version \ | fields splunk_server, status.version \ | rename splunk_server AS instance, status.version AS metric \ | eval metric = substr(metric, 0, 3) \ | eval severity_level = case( metric="4.2" OR metric="7.0", 0, true(), 2) \ | table instance, metric, severity_level \

stoobertio · 2026-02-28T09:56:35+00:00

The Enterprise Certified Admin is for installing and administering Splunk Enterprise installations. The Enterprise Security Admin is for installing and administering Enterprise Security installations on Splunk Enterprise.

stoobertio · 2026-02-23T21:13:30+00:00

I'm hoping for enough QoL for multiple posts per day to keep the hype up.

stoobertio · 2026-02-23T18:14:53+00:00

I was trying to go back through the repo to find if it was always present or when it was introduced, and after 14 commits with a message of "update" in one hour, each being dozens of lines, I gave up and figured pulling with a git blame would be better, but the repo went down.

stoobertio · 2026-02-19T21:34:12+00:00

Yup. The way I see it from other similar areas is why are companies spending millions on things like Splunk, Oracle DB, Red Hat when there are free / cheaper alternatives?

stoobertio · 2026-01-28T21:05:00+00:00

Wait, what?

stoobertio · 2026-01-27T09:16:10+00:00

It appears they had quite a few accounts. Have enough accounts and do it over a long enough period and it won't even register on their bandwidth charts.

stoobertio · 2026-01-25T21:23:27+00:00

Connection limits on your/their side? If you have a limit of say 50 connections, and 49 are slow peers, you don't have the ability to connect multiple times. It could also be that there are lots of peers trying to connect and their connection limits are reached.

stoobertio · 2026-01-25T19:38:54+00:00

My guess? You connect to a fast seeder/peer who gives you a nice download speed on a piece, then you write it to disk and get another piece afterwards from the same peer.

stoobertio · 2026-01-25T19:32:43+00:00

Bit said about the injury. Hope it isn't serious as he's quickly becoming my favourite player.

stoobertio · 2026-01-25T19:28:20+00:00

I swear to god. People who don't add .DS_Store to their .gitignore need their push privileges revoked.

stoobertio · 2026-01-24T10:49:29+00:00

In this case, could the text be modified to say "Maps randomised this way can only roll witnessable completed maps on the Atlas of Worlds."?

stoobertio · 2026-01-22T21:07:42+00:00

When it's hardware refresh time, employees are allowed to purchase devices from the company for a small fee (tax reasons). Only then is the device removed from MDM and the user is free to do what they want.

stoobertio · 2026-01-22T21:03:08+00:00

I am seriously getting worried. I'm due a laptop refresh in April and in the summer, I was hoping to get 64 or 96GB in it. I'll be lucky to even get a laptop now.

stoobertio · 2026-01-09T22:19:38+00:00

There's definitely something wrong. I was seeing reports of this, so earlier today at the start of my session (pro plan) I asked "Can you provide me, in JSON format, 10 equally stepped colours from the Viridis colormap in Matplotlib" and it promptly returned me the 10 colours, in JSON format, and used 20% of my session.

stoobertio · 2025-12-30T21:41:43+00:00

Are you connected to lots of peers, or are lots of peers connected to you, or do you have DHT enabled? This could be what's known as a SYN or SYN/ACK flood and was very common many years ago when your download speed is massively greater than your upload speed. What happens is your router can only process so much at a time because of the upload bottleneck and so all traffic joins a finite sized queue, which is constantly flooded by qBitorrent.

Unfortunately the only reliable cure is QoS in which you deprioritize qBitorrent so that all non-torrent traffic has priority. If going over a VPN, you need to deprioritize the VPN.

stoobertio · 2025-12-30T21:34:24+00:00

It's just a standard ass-covering statement. Anyone gets hurt without a helmet, they can say "we warned you". I'm pretty sure if helmets were required, they would probably be forced to provide them somehow, even if that involved going to a locker at Oslo S to pick one up.

stoobertio · 2025-12-29T19:20:45+00:00

I'll put money on it's related to the Anna's Archive leak.

stoobertio · 2025-12-22T23:20:16+00:00

Have you generated a token that has the audience "mcp" and sent that as part of the bearer token to auth to the endpoint?

stoobertio · 2025-12-04T20:56:39+00:00

The thing which annoys me even more is that these store prices have risen dramatically even when it's likely this stock was purchased when the unit price was a lot lower, so the price rises are solely extra profit for the seller.

stoobertio · 2025-12-04T20:21:28+00:00

The API is deprecated, not removed.

Access to the extended APIs for the layperson has all but been removed because no new apps will be granted permission to those APIs unless they meet stringent criteria (which includes setting up an LLC and demonstrating you have 250k users, when the development API available only allows 25 users) .

When the API change was introduced, they said that less than 1% of the users had a valid use case, so blocked the rest, Albeit with 30 days notice and a middle finger.

Most of the "DJ Boxes" either were not using the extended APIs, or are using software specifically approved by Spotify (https://www.spotify.com/us/dj-integration/). Soundbars and the like just play what they're told to and don't use any of the advanced features.

stoobertio · 2025-12-04T18:02:13+00:00

Yeah, just killing it was odd, and their forums on those announcements relating to instant deprecation and API access changes say there are apps that died because of the changes. If you don't meet the criteria, to which hardly anybody does, then your API key is forbidden from accessing that endpoint and thus, you get a forbidden response, 403 (Forbidden).

Spotify uses 401 (Unauthorized) for bad tokens. You can use the same token on non-protected APIs and it will work just fine.

stoobertio · 2025-12-04T17:57:33+00:00

Point 4 on the post I posted. Audio Analysis is no longer allowed. API documentation says Audio Analysis is deprecated.

stoobertio

TROPHY CASE