A.Look back 3 days ago and prior

B.Look back from 3 days ago up to the beginning of today

C.Look back 72 hours, up to the end of today

D.Look back 72 hours up to one day ago

A.$SPLUNK_HOME/etc/scripts

B.$SPLUNK_HOME/bin/scripts

C.$SPLUNK_HOME/bin/etc/scripts

D.$SPLUNK_HOME/etc/scripts/bin

A.We need more information: we cannot tell without knowing the time range

B.We need more information a search cannot be run without specifying an index

C.All events that either have a host of www3 or a status of 503.

D.All events with a host of www3 that also have a status of 503

A.inputlookup

B.outputlookup

C.lookup

D.csvlookup

A.rename

B.fields +

C.sort -

D.dedup