So many folks have run into the issue with Fortigate syslogs being sent with a timezone adjusted timestamp. I spent quite a while looking for ways to fix this with pipelines etc, but it turns out you can simply adjust it from the Fortigate.
Make sure “Time zone” in the Fortigate is set to 0 or Monrovia and then make sure “View Settings” is set to “Browser timezone”
Just to be clear this does change the system time of the Fortigate and the syslog timestamps to have a 0 hour offset. The Fortigate UI will respect the browser timezone and display things correctly when connected to the Fortigate.