Splunk Core Certified User — Question 175

What is the correct way to use a time range specifier in the search bar so that the search looks back 2 hours?

Answer options

• A. latest=-2h
• B. earliest=-2h
• C. latest=-2hour@d
• D. earliest=-2hour@d

Correct answer: B

Explanation

The correct answer is B because 'earliest=-2h' specifies the start of the time range as 2 hours ago. Options A, C, and D are incorrect as they either specify the end of the range improperly or use an invalid time format.