Thanks for your help 🙂

I'd like to set this range in real time.
I've found a solution with the values "rt-1@d" in earliest and "rt" in latest, inside the Advanced tab of the Time Range Picker.
It works, but if I enter the same value into the Search command line (earliest="rt-1@d" latest="rt"), I obtain the error: Invalid value "rt-1@d" for time term 'earliest'.
Do you know why?

The realtime time ranges are not designed to be applied inline in search. Read this for more details

https://docs.splunk.com/Documentation/Splunk/6.5.0/Search/Specifyrealtimewindowsinyoursearch#Real-ti... (3rd para)

Ok, thanks a lot.