40 gigs a day off a single appliance can be high, normal, or very (very) low
That you don’t have enough storage indicates your environment likely wasn’t architected properly
Proper sizing and implementation is done by Splunk PS and/or PS partners – or you may even be able to get what you need via your Sales rep or SE
from User warren – Stack Overflow https://stackoverflow.com/questions/70277201/fortigate-generates-40g-data-in-splunk/70290446#70290446
via IFTTT