Hello community. I use Splunk for one of my projects and I had a doubt.
I have a query which roughly looks like the one below:
index=app* rum.plugin="myPluginId" rum.status="Error" rum.apiCall="apiCallName" | chart count by rum.companyId
which gives a result like
rum.companyId || count
========================
456789456 || 6
827634966 || 2
456789057 || 4
098765456 || 6
123456789 || 677
And I run this query for the last 24 hours.
Now I want to check, for the companyIds listed, whether a similar error occurred for these companies (rum.companyId) in the past. If it has occurred, show the timestamp of the first occurrence. So my expected output is something like
rum.companyId || count || First occurrence Timestamp
================================================
456789456 || 6 || 20/04/90 04:04:04
827634966 || 2 || 20/04/90 04:04:04
456789057 || 4 || 20/04/90 04:04:04
098765456 || 6 || 20/04/90 04:04:04
123456789 || 677 || 20/04/90 04:04:04
Is there any way to achieve this? Thanks in advance.
Try something like this
| stats count earliest(_time) by rum.companyId
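As an added example (not the reply above or the asker's own query), one way to get the 24-hour count and the first occurrence in the same result, reusing the field names from the question. The 90-day lookback is an assumption: it must be wide enough to include the history you care about, and the first occurrence found cannot be earlier than that window.

```spl
index=app* rum.plugin="myPluginId" rum.status="Error" rum.apiCall="apiCallName" earliest=-90d
| eval in_last_24h=if(_time >= relative_time(now(), "-24h"), 1, 0)
| stats sum(in_last_24h) as count, earliest(_time) as first_occurrence by rum.companyId
| where count > 0
| eval first_occurrence=strftime(first_occurrence, "%d/%m/%y %H:%M:%S")
| sort - count
```

The `where count > 0` keeps only companies that errored in the last 24 hours, while `earliest(_time)` is taken over the whole 90-day window, so a company whose first error is older than 24 hours shows that older timestamp.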