Disclaimer: the search is not pretty, and could probably use some performance tweaking.
source="testlog.log"
| eval category="SERVICE_ACCEPTED_INVOCATIONS" | stats dc(SERVICE_ACCEPTED_INVOCATIONS) as count by category, _time | table _time category count
| append [search * | eval category="TIMEOUT" | stats dc(TIMEOUT) as count by category, _time | table _time category count]
| append [search * | eval category="ORAEXCEPTIONS" | stats dc(ORAEXCEPTIONS) as count by category, _time | table _time category count]
| append [search * | eval category="DECODE_ERRORS" | stats dc(DECODE_ERRORS) as count by category, _time | table _time category count]
| append [search * | eval category="STATMENT_PROCESSING_ERRORS" | stats dc(STATMENT_PROCESSING_ERRORS) as count by category, _time | table _time category count]
| append [search * | eval category="HIT_MAX_REQ_LIMIT" | stats dc(HIT_MAX_REQ_LIMIT) as count by category, _time | table _time category count]
| append [search * | eval category="SDF_STATE" | stats dc(SDF_STATE) as count by category, _time | table _time category count]
I haven't tried this out with the bubble chart, but it will get you the table in the format you wanted:
_time category count
7/4/12 1:00:00.291 PM HIT_MAX_REQ_LIMIT 0
7/4/12 2:00:00.294 PM HIT_MAX_REQ_LIMIT 0
7/4/12 3:00:00.296 PM HIT_MAX_REQ_LIMIT 0
7/4/12 4:00:00.300 PM HIT_MAX_REQ_LIMIT 0
7/4/12 1:00:00.291 PM SDF_STATE 1
7/4/12 2:00:00.294 PM SDF_STATE 1
...