Use createview command to create sub-groups from the existing linked groups. This can be used in conjunction with the map command to join groups.

For example, you can group all the Out of Memory errors using the following command:

* | link Entity, Label 
  | createView  [ * | where Label = 'Out of Memory' ] as 'Out of Memory Events'

See createview.