Splunk is not compressing and rotating your log files - unless someone wrote a script and added it to Splunk, which is unlikely.
Usually, on Linux, people use cron + the logrotate command to do this.
1 - rotate the log files more frequently. Try to keep the size down to 10Gb or less. Usually, you can specify a time-based or a size-based parameter to the log file rotation software.
2 - do not immediately compress the rolled log. If xyz.log rolls to xyz.log.1, do not compress it. Compress xyz.log.2 instead. This will allow Splunk to finish indexing the xyz.log.1 file before it is compressed
3 - blacklist the compressed files (*.gz or whatever) so that Splunk does not look at them, otherwise it may duplicate events.
This will also give you smaller log files, so that the compression should run faster. When you are re-configuring your log rotation software, be sure to make sure it is running regularly. If you are using cron, change the run interval from daily to hourly.
... View more