At the time of searching the start time is 03:35:08.
Will it look back to 03:00:00 if we use -30m@h in searching?

Question

At the time of searching the start time is 03:35:08. Will it look back to 03:00:00 if we use -30m@h in searching?

Accepted Answer

Correct answer: A. A. Yes — The option 'Yes' is correct because the expression -30m@h indicates a lookback of 30 minutes to the nearest hour, which in this case would be 03:00:00. The option 'No' is incorrect as it misunderstands the functionality of the time adjustment command.

Splunk Core Certified User — Question 129

Answer options

Correct answer: A

Explanation