Splunk Enterprise Certified Admin — Question 49

Which of the following is an example of a valid syntax for specifying an absolute time range modifier in a search?

Answer options

• A. earliest=01/01/2019:00:00:00
• B. earliest=01/01/2019T00:00:00
• C. earliest=2019-01-01 00:00:00
• D. earliest=2019-01-01T00:00:00

Correct answer: A

Explanation

Option A is the correct answer because it uses the required format for specifying an absolute time range in Splunk. The other options, while they may seem valid, do not match the expected syntax for absolute time ranges as defined in the documentation.