Make sure to receive the logs on the FortiAnalyzer so that it can be used to generate reports.

Related article:

Troubleshooting Tip: FortiGate to FortiAnalyzer connectivity

Log example for conserve mode:

date="2023-11-22" time="01:03:39" id=7304054965926890395 bid=16466602 dvid=1782 itime=1700607819 euid=3 epid=3 dsteuid=3 dstepid=3 logver=702051517 logid="0100022011" type="event" subtype="system" level="critical" msg="Kernel enters memory conserve mode" logdesc="Memory conserve mode entered" conserve="on" red="1642 MB" green="1530 MB" total=1866 used=1644 service="kernel" eventtime=1700607817932994002 tz="+0200" devid="FGVM02TM22000806" vd="root" devname="Lab-1"

Create a new Dataset using the below Query:

"select vd, devname, devid, msg, count(*) as Number from $log
where $filter and msg='Kernel enters memory conserve mode'
group by vd, devname, devid, msg
order by Number DESC"

If the message is 'Kernel enters extreme low memory mode' , create a new Dataset using the below Query :

   "select vd, devname, devid, msg, count(*) as Number from $log
    where $filter and msg='Kernel enters extreme low memory mode'
    group by vd, devname, devid, msg
    order by Number DESC"

Create a new Chart, using the 'Conserve mode' Dataset : 

Create a new Report : 

On the tab Editor, insert Chart using the 'Conserve mode' : 

Run the report:

The report can be viewed in different formats such as HTML and PDF. It can be also sent by mail.

Troubleshooting:
If a problem occurs, run the report in the CLI and send it using the following steps:

exe tac report
exe sql-report list-schedule <adom>
exe sql-report list <adom>
exe sql-report run <adom> <report ID>
exe sql-report view report-data <adom> "name of the report"