I talked with support today, here' s the deal:
Fortinet acknowledged the log filtering issue on 4.3.x
It is widespread and affects most of the columns you can select on the Fortigate webconfig traffic log. Seems that it might also affect the FortiAnalyzer (but I dont have one, so I cant confirm).
I did NOT get a bud ID, sorry.
here' s the kicker, they do NOT seem to planning on fixing this issue in 4.0. They plan on fixing the issue in 5.0, which will be released soon.
To me, this seems nuts. 4.3 is now on patch 10 and should be considered extremely stable and reliable and near perfect. And yet, there is a significant issue with log filtering to point where, filtering logs on a Fortigate running ~ 4.3.8-10 is BROKEN and useless.
I wont be trying 5.0 until probably patch 3, so I guess it will be a long time until I get this fixed. I am posting this so people dont feel crazy or waste time contacting support about this issue.