I can successfully run the following search from within Splunk:

sourcetype=ossim "Event received" ((plugin_id>=1001 AND plugin_id<=1131) OR plugin_id=1597) | lookup ossim_plugins plugin_id OUTPUT plugin_name | timechart count by plugin_name

I've tried to insert this search into a dashboard as follows:

  <chart>
    <title>IDS Events by Plugin (60 Minutes)</title>
    <searchString>sourcetype=ossim "Event received" ((plugin_id>=1001 AND plugin_id<=1131) OR plugin_id=1597) | lookup ossim_plugins plugin_id OUTPUT plugin_name | timechart count by plugin_name</searchString>
    <earliestTime>-1h</earliestTime>
    <option name="charting.chart">area</option>
    <option name="charting.legend.placement">right</option>
    <option name="charting.chart.stackMode">stacked</option>
    <option name="charting.chart.nullValueMode">connect</option>        
  </chart>

When I restart Splunk, I see the following message from the console:

Error while parsing path to file not well-formed (invalid token): line 6, column 88

What am I doing wrong here?

Thanks!