FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
madhan
Staff
Article Id 420287
Description

This article describes troubleshooting steps for when the graphical chart in FortiView does not show the correct information when compared to live data in FortiGate.

Scope

FortiAnalyzer, FortiGate.

Solution

The flow of actions for the graphical chart in FortiAnalyzer is as follows:

  1. FortiGate generates logs.
  2. FortiGate forwards logs to FortiAnalyzer.
  3. FortiAnalyzer receives the logs as archive logs and indexes them into the SQL database, converting them into analytics logs (the logs used in FortiView and Reports).

 

When issues arise, this flow can be used to derive the troubleshooting steps. Below is an example of the problem, in which the graph in FortiView is inaccurate:

In FortiAnalyzer:

 

[Screenshot: FPicture1.png]

 

In FortiGate:

 

[Screenshot: FPicture2.png]

 

Based on the screen capture, FortiGate is showing 3 users currently connected to the VPN, but in FortiView, it is showing 'No record found'.

 

Troubleshooting steps can be checked as follows:

  1. Check the TAC report to ensure FortiAnalyzer is indexing the logs properly. Verify in the GUI under Dashboards -> Status, using the Insert Rate vs Receive Rate widget. The receive rate is the number of raw logs being received by FortiAnalyzer, and the insert rate is the number of logs being actively inserted into the database. If the insert rate is zero, a manual rebuild of the SQL database may be required.

Listed below are the important outputs that can be checked to see if the logs are being inserted:

 

diagnose test application logfiled 4

 

  • The output contains disk usage info and the exact date of the available analytics logs.

 

diagnose log device

 

  • The output shows device and ADOM storage usage, and can also be used to check whether FortiGate is sending the logs.

 

diagnose sql hcache status all

 

  • Hcache is important when viewing a graphical chart. If the output shows storage in use, the analytics logs are working as expected.

 

  2. If no issue can be found in the FortiAnalyzer TAC report, the issue might lie on the FortiGate side. As a next step, check log forwarding from FortiGate by running the following command:

 

execute log fortianalyzer test-connectivity

 

The following output indicates that forwarding to FortiAnalyzer is working as expected. Log: Tx & Rx (8126 logs received since 19:23:25 11/24/25).

 

  3. If the logs are being forwarded and indexed properly, the last thing to check is the logs themselves. For the FortiView VPN chart, FortiAnalyzer needs the following logs in order to plot the chart:
  • tunnel_up: To plot the starting point for the chart.
  • tunnel_down: To plot the ending point for the chart.
  • tunnel_stats: To plot after a set interval to ensure the chart can be as accurate as possible.

 

Based on the screen capture, the issue is that no 'tunnel_stats' logs are being generated by the FortiGate, and since there are no 'tunnel_down' logs yet because the users are still connected to the VPN, FortiAnalyzer has only 'tunnel_up' to work with. Therefore, FortiAnalyzer is unable to show the chart because it has no information to plot.

 

  4. Navigate to FortiGate and ensure the following configuration is observed:

 

config system settings
    set vpn-stats-log ipsec ssl
    set vpn-stats-period 300
end

 

  5. Verify FortiGate is sending logs in real time:

 

   config log fortianalyzer setting
       set upload-option realtime
   end
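
The log check from the third troubleshooting step can be done offline against exported FortiGate VPN event logs. The script below is an added example, not part of the original article or Fortinet tooling; the sample lines are constructed, and the field names (action, subtype, tunnelid, user) and the hyphen/underscore normalisation of the action value are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate-style key=value form (not real logs).
# Field names (action, subtype, tunnelid, user) are assumptions for this example.
SAMPLE_LOGS = '''\
date=2025-11-24 time=19:23:25 type="event" subtype="vpn" action="tunnel-up" tunnelid=101 user="alice"
date=2025-11-24 time=19:28:25 type="event" subtype="vpn" action="tunnel-stats" tunnelid=101 user="alice"
date=2025-11-24 time=19:24:02 type="event" subtype="vpn" action="tunnel-up" tunnelid=102 user="bob"
date=2025-11-24 time=19:25:40 type="event" subtype="vpn" action="tunnel-up" tunnelid=103 user="carol"
date=2025-11-24 time=19:40:11 type="event" subtype="vpn" action="tunnel-down" tunnelid=103 user="carol"
date=2025-11-24 time=19:41:00 type="traffic" subtype="forward" action="accept" user="bob"
'''

# key=value pairs where the value is either "quoted" or a bare token.
KV = re.compile(r'(\w[\w-]*)=(?:"([^"]*)"|(\S+))')
REQUIRED = {"tunnel_up", "tunnel_down", "tunnel_stats"}

def parse_line(line):
    """Turn one key=value log line into a dict, handling quoted values."""
    return {k: (q if q else u) for k, q, u in KV.findall(line)}

def vpn_actions_by_tunnel(text):
    """Map tunnelid -> set of normalised VPN actions seen for that tunnel."""
    seen = defaultdict(set)
    for line in text.splitlines():
        rec = parse_line(line)
        # Accept either tunnel-up or tunnel_up spelling in the action field.
        action = rec.get("action", "").replace("-", "_")
        if rec.get("subtype") == "vpn" and action in REQUIRED:
            seen[rec.get("tunnelid", "unknown")].add(action)
    return dict(seen)

def unplottable_tunnels(text):
    """Tunnels with a tunnel_up but neither tunnel_stats nor tunnel_down:
    the case described above, where the chart has only a starting point."""
    return sorted(
        tid for tid, acts in vpn_actions_by_tunnel(text).items()
        if "tunnel_up" in acts and not acts & {"tunnel_stats", "tunnel_down"}
    )

if __name__ == "__main__":
    for tid, acts in sorted(vpn_actions_by_tunnel(SAMPLE_LOGS).items()):
        print(tid, sorted(acts))
    print("only tunnel_up seen:", unplottable_tunnels(SAMPLE_LOGS))
```

A tunnel reported by `unplottable_tunnels` points back to the vpn-stats-log and vpn-stats-period settings shown in the fourth step.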

  

Related articles:
Technical Note: Blank VPN reports

Technical Tip: How to modify IPsec VPN log generation interval