It's not based on time but number of events.
For Connection Events and Security Intelligence events (combined) the upper limit is 50 million on an FMCv (release 6.4) and up to 1 billion on an FMC 4000 series. (We expect this to change in Firepower 6.5 - for the better.) The default is 1 million events. You can easily get that many in just a few hours on a moderate size enterprise if you are logging all connections.
You can see and change the settings in FMC under System > Configuration > Database
Hi @Marvin Rhoads, what will happen if it reach the limit? Based on my understanding from you there is no default or automatic purging for the logs in FMC, am I correct? THanks
The events "roll over" when you reach the limit. That is, the oldest events are dropped out of the tables to make room for the newest ones.
The only thing in Firepower that doesn't behave this way is host discovery. That's why it's important to properly define your $HOME_NET and $EXTERNAL_NET variables.