The search only looks at events that have a timestamp within the last 30 minutes.
earliest=-30m latest=now

The following search specifies a time range from 12 A.M. October 19, 2018 to 12 A.M. October 27, 2018.
earliest=10/19/2018:00:00:00 latest=10/27/2018:00:00:00

When specifying relative time, use now to refer to the current time.

On April 28th, you decide to run a search at 14:05, If you specify earliest=-2d, the search goes back exactly two days, starting at 14:05 on April 26th.

On April 28th, you decide to run a search at 14:05, If you specify earliest=-2d@d, the search goes back to two days and snaps to the beginning of the day. The search looks for events starting from 00:00 on April 26th.

Specify that the search starts or ends at the current time. Use latest=now

If you want to search events from the start of UNIX epoch time, use earliest=1. UNIX epoch time 1 is UTC January 1, 1970 at 12:00:01 AM. use earliest=1

Specify a snap to the beginning of the most recent quarter: Jan 1, Apr 1, July 1, or Oct 1. use @q, @qtr, or @quarter

Specify "snap to" days of the week; where w0 is Sunday, w1 is Monday, etc. When you snap to a week, @w or @week, it is equivalent to snapping to Sunday or @w0. You can use either w0 or w7 for Sunday.
w0, w1, w2, w3, w4, w5, w6, and w7

This example searches for Web access errors from the beginning of the week to the time that you run your search. Though not specified, latest=now is assumed with this search, use "eventtype=webaccess error earliest=@w0"

This example searches for Web access errors from the current business week, where w1 is Monday and w6 is Friday, use "eventtype=webaccess error earliest=@w1 latest=+7d@w6"

This example searches Web access errors from the last full business week, use "eventtype=webaccess error earliest=-7d@w1 latest=@w6"

This example searches an index for the last 24 hours but omits any events returned from Midnight to 1:00 A.M., when downtime returns false log entries, use "index=myindex ((earliest=-24h latest<@d) OR (earliest>=@d+1h))"