In a scenario where the FortiGate has been enabled with Security Fabric, it is not possible to disable a previously enabled FortiAnalyzer, even if the FortiAnalyzer device has been decommissioned or is otherwise unavailable.

The option to disable FortiAnalyzer will be greyed out as shown:

Attempting to remove (unset) the FortiAnalyzer via the CLI fails with an error (as below), however, this also gives a clue to the reason and also the solution:

FGT (global)  config log fortianalyzer setting
FGT (setting) unset status 
FGT (setting) end
At least one FortiAnalyzer or FortiAnalyzer Cloud or FortiGate Cloud log should be enabled for Security Fabric functionality 
to work properly.
object set operator error, -39, roll back the setting.
Command fail. Return code -39

The reason for this is that the Security Fabric requires at least one active logging destination.

Therefore, this issue can be resolved by enabling FortiGate Cloud logging to satisfy the Security Fabric requirement.

To configure cloud logging in the GUI:

1. Go to Security Fabric -> Fabric Connectors and select the Logging & Analytics card.

2. On the Cloud Logging tab, set Type to FortiGate Cloud.

Related documents:
Technical Tip: FortiAnalyzer Cloud is greyed out even though FortiAnalyzer Cloud entitlement is purc... 

Technical Tip: The impact of 'set configuration-sync local' on the Security Fabric

Configuring cloud logging