I'm looking for help to filter my mstats data using eventtype OR tag I've created for groups of hosts..

Here's an example of my CPU metrics dashboard panel 

| mstats avg(_value) as value where `nmon_metrics_index` metric_name=os.unix.nmon.cpu.cpu_all.Sys_PCT OR metric_name=os.unix.nmon.cpu.cpu_all.User_PCT OR metric_name=os.unix.nmon.cpu.cpu_all.Wait_PCT host=$host$ groupby metric_name, host span=1m
| `def_cpu_load_percent` | timechart `nmon_span` avg(cpu_load_percent) AS cpu_load_percent by host useother=false

I've tried appending a non-metrics subsearch to search against the metric data using my tag AND host so that only the selected hosts return in my panel 

index = example_index (eventtype=test1 OR eventtype=test2 OR eventtype=test3)
| search (host=* AND tag = test2) 
| append 
[ | mstats avg(_value) as value where `nmon_metrics_index` metric_name=os.unix.nmon.cpu.cpu_all.Sys_PCT OR metric_name=os.unix.nmon.cpu.cpu_all.User_PCT OR metric_name=os.unix.nmon.cpu.cpu_all.Wait_PCT host=dac51elo.pjm.com groupby metric_name, host span=1m
| `def_cpu_load_percent` ] | timechart `nmon_span` avg(cpu_load_percent) AS cpu_load_percent by host useother=false