error in chart builder

Hi, My SQL is not that good and I'm having a problem building a Chart from a log view query

Fortianalyzer 6.2.1 build1121 190718*GA)

Fortigate 5.6.9

according to compatibility chart this configuration is supported.

search string in Log view:  ( dvid=1026 ) AND ( appcat="Botnet" or appcat="Proxy" )

time frame 1 day

trying to make a chart with the chart builder gives me:

select `user`, string_agg(distinct `devid`, ' ') as devid__agg_, string_agg(distinct ipstr(`dstip`), ' ') as dstip__agg_, string_agg(distinct `app`, ' ') as app__agg_ from ###(select `user`, `devid`, `dstip`, `app` from $log where $filter and (logflag&1>0) and ( ( `dvid` = 1026) AND (lower(`appcat`) = lower('Botnet') OR lower(`appcat`) = lower('Proxy')) AND to_tsvector('english', coalesce("user", '') || ' ' || coalesce(ipstr("srcip"), '') || ' ' || coalesce(ipstr("dstip"), '') || ' ' || coalesce("service", '') || ' ' || coalesce("app", '') || ' ' || coalesce(to_string("utmaction"), '')) @@ to_tsquery('(')) group by `user`, `devid`, `dstip`, `app` order by `dstip` desc)### t group by `user` order by dstip__agg_ desc

the error I get is: ERROR: no operand in tsquery: "("

in the chart builder I cannot change anything in the SQL query.

Any idea what could be wrong here?

Thanks,