search source_ip="*" destination_ip="*" destination_port="*" user="*" device_name="*" application="*" sourcetype="fortios5_traffic" | fillnull device_name vdom source_interface source_ip user group destination_interface destination_ip session_type destination_port application service action policy_id bytes_sent bytes_received destination_country | stats count by device_name vdom source_interface source_ip user group destination_interface destination_ip session_type destination_port application service action policy_id bytes_sent bytes_received destination_country _time
where source_ip,destination_ip,destination_port fields are not yet extracted by the sourcetype "fortios5_traffic" ?
