Tokens

Tokens are at the heart of searching and of passing data from one module to another, or from one page to another. They are the objects within Splunk that allow you to pass the values of a field or result set to another module, and the documentation often represents them with the symbol $foo$. Keep in mind that the tokens are often different for each module. This is also where we reach into the development world to understand how they work.

For now, I am going to focus on the tokens of the contextual and dynamic drill-down, in order to give context to what we will be learning in this chapter.

There are far too many tokens within Splunk to list; however, they are all necessary. This is basically how they work. A token is set as part ...
