Splunk Infrastructure Overview — Question 9

Assuming a standard time zone across the environment, what syntax will always return events from between 2:00am and 5:00am?

Answer options

• A. date hour>=2 AND date_hour<5
• B. earliest==2h@h AND latests-5h@h
• C. time_hour>=2 AND time_hour>=5
• D. earliest-2h@h AND latest=5h@h

Correct answer: B

Explanation

The correct answer, B, uses 'earliest==2h@h AND latests-5h@h' to specify the time range accurately. Option A is incorrect because it uses 'AND' instead of 'AND' with a proper structure for the range. Option C is invalid as it uses '>=5' instead of the correct '<5', while D contains syntax errors and does not correctly specify the time constraints.