Are the storage pools mirrored? If so it may be a setting on the compression ratio being used.
If the storage pools are simply manually defined per data source, you may want to review which data sources are sending to which ELM.
I might suggest modifying the names so they aren't identical, unless while selecting a pool it denotes which ELM it is connecting to, we only have 1 ELM per ESM so I am not sure how it would show up for two.
They are two separate independet SIEM They cover the same data sources of Active Directory. The strange thing is tha they have almost identical number of log but the total storages differs a lot. they also have the same compression ratio.
Look at your log file/log/byte rates, they are nearly identical.
Your problem is the size of storage pools, they are too small, you are not getting 1Y retention.