Not knowing the field name is definitely going to be tricky when it comes to processing it later, but what you’ll want to do is this:
index=ndx sourcetype=srctp "V1" "V2"
By default, Splunk ANDs all search terms.
So if you’re looking for "V1" and "V2" in the same event, you just need to quote all of the individual terms you’re looking for.
Depending on your data, you may get better performance using TERM(), too:
index=ndx sourcetype=srctp TERM("V1") TERM("V2")
from User warren – Stack Overflow https://stackoverflow.com/questions/65596568/multifields-search-in-splunk-without-knowing-field-names/65597115#65597115