CrowdStrike Certified Falcon Hunter (CCFH) — Question 33
Which SPL (Splunk) field name can be used to automatically convert Unix times (Epoch) to UTC readable time within the Falcon Event Search?
Answer options
- A. utc_time
- B. conv_time
- C. _time
- D. time
Correct answer: C
Explanation
The correct answer is _time. It is Splunk's internal timestamp field: every indexed event carries it as epoch seconds, and Falcon Event Search renders it as a human-readable UTC timestamp without any conversion command in the search. The other options are not built-in Splunk fields; utc_time and conv_time do not exist by default, and time is not populated automatically, so none of them converts an epoch value for you. Other epoch-valued Falcon fields (for example ProcessStartTime_decimal or ContextTimeStamp_decimal) are not converted automatically and must be formatted explicitly with eval strftime() or convert ctime().
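The following SPL search is an added illustration for this question, not part of the CCFH question bank. It assumes a Falcon Event Search environment where ProcessRollup2 events carry the epoch field ProcessStartTime_decimal, and uses a placeholder host name. It shows _time rendered readable on its own, next to an epoch field that has to be converted by hand.

```spl
// Added example (not from the exam page): _time is displayed as readable UTC
// automatically; ProcessStartTime_decimal is an epoch value and needs strftime().
// ComputerName value is a placeholder for the host under investigation.
event_simpleName=ProcessRollup2 ComputerName="WORKSTATION-01"
| eval ProcessStartUTC=strftime(ProcessStartTime_decimal, "%Y-%m-%d %H:%M:%S")
| table _time ProcessStartUTC ProcessStartTime_decimal FileName CommandLine
| sort 0 -_time
```

In the results, _time appears as a formatted UTC timestamp while ProcessStartTime_decimal stays a raw epoch number until the eval line formats it. strftime() renders according to the search head's time zone setting, which Falcon Event Search sets to UTC; in a self-hosted Splunk instance with a different user time zone, the formatted column would follow that setting instead.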