I'd like to select the earliest events broken down by category.
i.e. I would like to see something like this:
error | stats earliest(_raw) as earliest_raw by error_category | ...
That pretty much gives me what I need, but it's a little inconvenient that 1) now I have to work off of "earliest_raw" and 2) the event list view doesn't show anything.
Is there a better way? What I'd really like to do is something like:
error | earliest by error_category | ...