So next I've created a new stream "fortistream" protocol netflow.
Then I've edited the search from the VF dashboard like this:

index= source="stream:fortistream" | rex field=src_ip "(?.).(?.).(?.).(?.)" | where src1 NOT null | rex field=dest_ip "(?.).(?.).(?.).(?.)" | where dest1 NOT null | eval source_ip=round(src1+exact(src2.001), 3) | eval destination_ip=round(dest1+exact(dest2*.001), 3) | eventstats sum(sum(bytes)) as bytes by source_ip, destination_ip | stats latest(source_ip), latest(destination_ip), sum(count) by bytes | rename latest(source_ip) as "Source IP", latest(destination_ip) as "Destination IP", sum(count) as "Flows", bytes as "Bytes", sourcetype as "Sourcetype"

Put it in verbose mode.

Now I do get data but ONLY the flow data. And here is the funny thing:
The source ip address is cut in half.. (192.168)
The destination ip address too (8.008)

Very weird..

When I run the search like that "index=* source=stream:Splunk_IP" I don't get any results..

I think you need to look at the SPL behind the dashboards and see if it matches the sourcetype that you have.
For example that specific dashboard you mention (Flow Visualization) has the following spl:

index=* source=stream:Splunk_IP | rex field=src_ip "(?.).(?.).(?.).(?.)" | where src1 NOT null | rex field=dest_ip "(?.).(?.).(?.).(?.)" | where dest1 NOT null | eval source_ip=round(src1+exact(src2*.001), 3) | eval destination_ip=round(dest1+exact(dest2*.001), 3) | eventstats sum(sum(bytes)) as bytes by source_ip, destination_ip | stats latest(source_ip), latest(destination_ip), sum(count) by bytes | rename latest(source_ip) as "Source IP", latest(destination_ip) as "Destination IP", sum(count) as "Flows", bytes as "Bytes", sourcetype as "Sourcetype"

So take off all spl from that and search only index=* source=stream:Splunk_IP. Do you get any data in verbose mode?