I didn't really find a method to specify what log fields should be included/excluded when manually downloading logs from FortiAnalyzer.
There are two options you could consider:
- downloading log files from Log View > Log Browse instead
-> those should contain all the entries you need (plus a lot extra) over multiple individual files; you could freely modify the files in a text-editor to get something more usable, and shouldn't run into particular size constraints as the individual files should only be up to a few hundred MB (depends a bit on your log settings)
- log forwarding to a syslog/CEF server
-> if you set up log forwarding on FortiAnalyzer to a syslog/CEF server (NOT another Analyzer) you have the option to set 'Enable Exclusions' and can specify fields there; those fields should then NOT be included in log messages forwarded to syslog/CEF
-> this wouldn't help much with an on-demand download scenario, but if you need to set up something more long-term with log messages and want to filter out fields, this would be the way to go
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++