I have 4 applications. All of them generate events like RECEIVED, DELIVERED and DISCARDED. 

In my dashboard, i want to have panel which shows :

• sum of event count of RECEIVED from cs-app1 , cs-app2 and  cs-app3.
• sum of event count of DELIVERED from cs-app4 and
• sum of all DISCARDED from all of the app.

Currently these 3 are displayed as 3 different timecharts panels. 

I would like to combine them as one single timechart which would reduce the clutter on the dashboard..

Is that possible.? If so how should i frame the query which is efficient.

Event example

{
  "log_processed" : {
     "message" : { "app_name" : "cs-app1", "logEvent" : "RECEIVED" }
  }
}

RECEIVED events

index=dockerlogs
| search log_processed.app_name IN ("cs-app1", "cs-app2","cs-app3")
| spath input=log_processed.message output=logEvent path=logEvent 
| search logEvent = "RECEIVED"
| timechart span=1d  count(logEvent) by logEvent

DELIVERED events

index=dockerlogs kubernetes.namespace_name=default
| search log_processed.app_name IN ("cs-app4")
| spath input=log_processed.message output=logEvent path=logEvent 
| search logEvent = "DELIVERED"
| timechart span=1d  count(logEvent) by logEvent

DISCARDED events

index=dockerlogs kubernetes.namespace_name=default
| search log_processed.app_name=*
| spath input=log_processed.message output=logEvent path=logEvent 
| search logEvent = "DISCARDED"
| timechart span=1d  count(logEvent) by logEvent