FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
Article Id 193954
This article relates to the situation where the VPN report shows blank when ran on a FortiAnalyzer. Also, the datasets do not return any log data even when running the datasets related to the VPN chart.

The reason for this is a design change on FortiAnalyzer datasets.  FortiAnalyzer uses VPN logs with action='tunnel-stats' and most of the VPN related datasets use this field to get bandwidth and duration data. If the raw VPN logs being forwarded by the FortiGate devices do not contain the field action='tunnel-stats', then no data will be returned in reports/datasets.

Firmware v5.0.8 and above, and v5.2.0.

The FortiGate should send the 'tunnel-stats' log to FortiAnalyzer. To achieve this it is important to make sure that the FortiGate has the following config set:

config system settings
set vpn-stats-log ipsec ssl
set vpn-stats-period 300

Note: After applying the above change, allow adequate time for the logs to be collected by the FortiAnalyzer before running the report.