The Endpoint Detection and Response (EDR) GUI displays following warning message "Some events have been purged due to low disk space." 

That is normal and expected behaviour. The message is there to notify that disk space usage reached a certain threshold and maintenance task is run to reclaim the space otherwise disk will run out of space. The intention of the message is only to notify that purge process resulted in some older event and incident data removed.

Normally there is no action needed from the EDR administrator, however If there is a need to retain the data for much longer periods of time or indefinitely, it might be advisable to offload the data to Syslog server.

The message will stay for up to 72 hours by default and will be automatically dismissed afterwards.