Posted by: Pdfprep
Post Date: October 31, 2020
Which of the following is the best way to create a report that shows the last 24 hours of events?
A . Use earliest=-1d@d latest=@d
B . Set a real-time search over a 24-hour window
C . Use the time range picket to select “Yesterday”
D . Use the time range picker to select “Last 24 hours”
Answer: D
Explanation:
Reference: https://answers.splunk.com/answers/153100/how-to-get-the-event-count-for-the-last-24-hoursas-a-scheduled-report.html
Leave a Reply