You can find most of this information in the Splunk internal index _internal. Also, you might consider using the Distributed Management Console instead of the SOS App, as it has more information of this sort. Plus, the DMC is free to use, while the SOS App actually uses some of your Splunk license. Finally, the DMC will let you set alerts about resource consumption in your environment... but I digress.

The size of the logs on the disk is not something that Splunk will track, as the original logs may be on a forwarder. However, Splunk does track the inbound raw size of the data, which should probably correspond pretty closely.

A useful command is dbinspect, which can slice and dice information about your indexes in a variety of ways. For example, the following command (yes, it starts with a pipe), will give you the disk space consumed by all your indexes, divided into hot/warm vs. cold.

| dbinspect index=_* 
| eval state=if(state=="hot" OR state=="warm","hot/warm",state)
| stats sum(rawSize) as rawSizeTotal sum(sizeOnDiskMB) as diskused by splunk_server index state
| eval "Raw Size MB"=round(rawSizeTotal/1024/1024,3) | eval "Disk Used MB"=round(diskused,3)
| fields - rawSizeTotal diskused