Tokens
Tokens are at the heart of searching and passing data from one module to another, or one page to another. These are the objects within Splunk that allow you to pass values of a field or result set to another module. These are often represented by the symbol $foo$ in the documentation. Something to keep in mind is that for each module the tokens are often different. This is also where we reach into the development world to understand how these work.
For now, I am going to focus on the tokens of the contextual and dynamic drill-down, in order to give context to what we will be learning in this chapter.
There are far too many tokens within Splunk to list, however they are all necessary. This is basically how they work. A token is set as part of an input, which is then passed to a search in order to filter data to the visualization as represented through the following screenshot:
Once set, this token can be used by other searches downstream with the use of the $<token>$ characters...
