Depending on your use case, you either do something like this:
index=ndx sourcetype=srctp fieldA=something fieldB=pattern fieldC=*
Or you might end up doing this:
index=ndx sourcetype=srctp "some literal text"
| rex field=_raw "a pattern of stuff (?<fieldtoextract>regex-goes-here)"
Or possibly this:
index=ndx sourcetype=srctp fieldA=*
| stats values(fieldB) as fieldB by fieldA
| where mvcount(fieldB)>3 AND match(fieldA,"something")
Or maybe something else entirely.
If you have sample data, we can help craft some more-specific SPL for you – but there are many many many ways to "search within a search" in Splunk.
from User warren – Stack Overflow https://stackoverflow.com/questions/65355904/splunk-equivalent-to-chained-greps-for-searching-within-a-search/65357400#65357400
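The three styles above chained in one pipeline, as an added example that is not part of the original answer: each pipe stage narrows the output of the previous one, the way chained greps do. The events are constructed sample sshd lines built inline with `makeresults`, and the field names `constructed`, `user` and `src_ip` are assumptions made for the illustration.

```spl
| makeresults
| eval constructed=split("sshd[101]: Failed password for root from 203.0.113.5 port 2201;sshd[102]: Failed password for admin from 203.0.113.5 port 2202;sshd[103]: Failed password for oracle from 203.0.113.5 port 2203;sshd[104]: Failed password for test from 203.0.113.5 port 2204;sshd[105]: Failed password for alice from 198.51.100.7 port 4100;sshd[106]: Accepted password for alice from 198.51.100.7 port 4101", ";")
| mvexpand constructed
| rename constructed as _raw
| search "Failed password"
| rex field=_raw "Failed password for (?<user>\S+) from (?<src_ip>\S+)"
| stats values(user) as user by src_ip
| where mvcount(user)>3 AND match(src_ip,"^203\.0\.113\.")
```

Against indexed data, the first four lines are replaced by the base search (`index=... sourcetype=...`), and the remaining stages stay as they are.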