Splunk Core Certified Power User SPLK-1002 Book

In workflow action definitions, field tokens are enclosed with dollar signs to represent field values dynamically.

Extract: “In workflow actions, enclose field names with dollar signs ($fieldname$) to insert their values dynamically into URLs or searches.”

The transaction command allows you to correlate events across multiple sources. The transaction command is a search command that allows you to group events into transactions based on some common characteristics, such as fields, time, or both. A transaction is a group of events that share one or more fields that relate them to each other. A transaction can span across multiple sources or sourcetypes that have different formats or structures of data. The transaction command can help you correlate events across multiple sources by using the common fields as the basis for grouping. The transaction command can also create some additional fields for each transaction, such as duration, eventcount, startime, etc.