Working with Time

Question 1

Which of the following are default time fields? Select all that apply.
* date_day
* date_mday
* date_year
* date_hour

Answer 1

• date_mday
• date_year
• date_hour

Question 2

date_time always reflects your local time zone and not the time/date from raw events.
TRUE or FALSE

Answer 2

FALSE

Question 3

_______ and _______ are the time modifiers that override the time range picker in a historical report
* first
* last
* latest
* earliest

Answer 3

earliest and latest

Question 4

Using earliest=-30d@d latest=@d is how to return results from 30 days ago up until the time the search was executed.
FALSE
TRUE

Answer 4

False

@d, cutoff would be the beginning of the day of the search

Question 5

What will the strftime function return when using the %H argument? Select all that apply.
* convert the hour into your local time based on your time zone setting of your Splunk web sessions
* hour of the event generated at index time
* time of raw event in UTC

Answer 5

convert the hour into your local time based on your time zone setting of your Splunk web sessions

Question 6

@timeUnit will always round up and go forward through time.
FALSE
TRUE

Answer 6

False

Question 7

Choose the search that will sort events into one minute groups. Select all that apply.
* | bin _time span=1mins
* | bin span=1minutes _time
* | bin _time span=1m

Answer 7

• | bin _time span=1mins
• | bin span=1minutes _time
• | bin _time span=1m

Question 8

When using the following search arguments, what will be returned? | timechart count span=1h
* chart only events over a 1 hour period
* chart events in 1 hour chunks
* events in the last 24 hours
determine time range of events to scale

Answer 8

chart events in 1 hour chunks