Is there any way to sepcify the time range "holiday"?
I know the time modifier "w0" is Sunday. But I do not know how to search event on holiday.
Here's an example of a search against Splunk's internal index restricted to Christmas Eve and Christmas Day:
index=_internal (date_mday=24 OR date_mday=25) date_month=12
You could create a macro to compile all the desired holidays in to one. Keep in mind that you will need to search over a long enough period of time such that the holidays are within your time range.
How do you define holiday? I'm assuming you don't just mean a weekend?