It turns out that FortiGate CEF output is extremely buggy, so I built some dashboards for the Syslog output instead, and I actually like the results much better.
I also created a guide that explains how to set up a production-ready single node Graylog instance for analyzing FortiGate logs, complete with HTTPS, bidirectional TLS authentication.
Download from GitHub
GitHub project
Open issues
Stargazers
Be sure to add yourself as a watcher to the GitHub project to be notified of new Content Pack releases that fix bugs or add more features.
Looks good.