Answer by warren for splunk map pass multiple values

You might try something like this (presuming you have a common field like hostname in each event):

index=ndx sourcetype=srctp ("a.string" OR "another.string")
| rex field=_raw "some text that exists in events with a.string (?<xx>\S+) (?<yy>\S+)"
| rex field=_raw "other text found with another.string (?<zz>\S+)"
| fields xx yy zz hostname
| stats values(*) as * by hostname
| where isnotnull(xx) AND isnotnull(zz)

from User warren – Stack Overflow https://stackoverflow.com/questions/76954948/splunk-map-pass-multiple-values/76977806#76977806