earliest=-mon@mon latest=@mon with this will it be, assuming in Feb1st at 11am, beginning Jan1st to end of Jan31st?
Or would it be beginning Jan1st to beginning Feb1st? probably pretty much the same thing really.

how come in some queries earliest works and others it doesnt? Case in point
"earliest=-2d | metadata type=hosts | table host | sort 0 user" does not work but in other queries it does?

Any search which starts with a pipe symbol e.g. | dbquery , | medatata ,| inputlookup ,| rest etc doesn't support in-line timerange modifiers. They do support time range picker values though (wherever applicable).

thanks.. sorry I'm fairly new to Splunk. So how would I add a time range picker value? I thought that's what earliest did... was just a replacement for time picker in the UI time selector.

If you're running adhoc search, you can use the timerange picker control (right of search text box). In dashboards, you're timerange picker available as dashboard level OR panel level. For saved searches, there are specific textboxes available for Start Time/Earliest and Finish time/Latest.

Not to forget the coolest snaps of them all, @w1 (Monday) to @w7 (Sunday) - they'll snap to the most recent week day.

Thank you for the quick reply Ayn.

To ensure I understand it using your example:

earliest -2d@d would give me the results from 4/26 00:00:00 - 4/28 14:00:00

where as earliest -2d would give me the results from 4/26 14:00:00 - 4/28 14:00:00