Splunk Enterprise Certified Admin — Question 40

Which of the following are valid request arguments for the REST search endpoints? (Select all that apply.)

Answer options

• A. latest_time=rt
• B. latest_time=now
• C. earliest_time=-5h@h
• D. earliest_time=rt_10m@m

Correct answer: B, C

Explanation

Option B, latest_time=now, is correct as it specifies the current time, which is a valid argument. Option C, earliest_time=-5h@h, is also valid as it indicates a time range, allowing for flexible searching. Options A and D are incorrect because they use invalid formats for the time parameters.