The sizing guide doesn’t reflect some optimizations made in both technologies over the last couple of years, but it remains fairly close to what you can expect in a heterogeneous logging environment where parsing and enrichment take place in each log pipeline.
Unfortunately, logs are complex, so tight estimates are difficult. If many of your logs are similar and parsing them is fairly simple (JSON, key/value pairs, or something covered by a built-in input), you could push double the traffic, or more, through the same environment. The inverse is also true: if your logs are complex, or you implement a poorly written parser, your throughput will suffer greatly.
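To make the contrast concrete, here’s a quick sketch (hypothetical log lines, not from the sizing guide): a structured JSON line is one library call, while an unstructured line needs a handwritten regex that is tied to the exact message format and is both slower to run and easier to get wrong.

```python
import json
import re

# Structured log line: one call to the stdlib JSON parser.
json_line = '{"level": "INFO", "msg": "user login", "user": "alice"}'
parsed = json.loads(json_line)

# Unstructured line: a handcrafted regex that must mirror the exact layout.
raw_line = "2024-05-01 12:00:00 INFO user login user=alice"
pattern = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>\w+) (?P<msg>.*?) user=(?P<user>\w+)$"
)
match = pattern.match(raw_line)
fields = match.groupdict() if match else {}

print(parsed["user"])   # alice
print(fields["level"])  # INFO
```

The JSON path stays fast no matter what fields arrive; the regex path has to be revisited every time the message format drifts, which is where poorly written parsers start eating throughput.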
Any idea what sort of logs you’re planning to put into Graylog?