hi reza
DLP incident size is more or less equivalent to email size as email is included in the incident.
But there is other objects which goes from enforce to monitor and vice and versa like :
- Policies
- Index files (even if you dont use them on this monitor they are pushed to it)
- log files (could be huge if you retrieve log from all time at once)
for IT analytics you have no bandwith issue as it is connected only to your enforce database, so just be sure that both are close. I have never tested to plug it to different database as i need it only for once, but i am afraid there can some issue as different enforce means potentially common incident ID.