A primary purpose of a SIEM is to facilitate searching of that data for interesting information to act on. If you exported 3 days of raw CSV data, what exactly are they doing with that data? Doing something like a raw text search from a text editor is not the way here. Sometimes it is better to inform clients that there is a more efficient way to search their data than whatever tool they are using.
Did they state the request for why 3 days of logs are needed, or what they are looking for? It would be better to gather their requirements and run those searches from within the SIEM.
That being said, data export is limited to 100K records at at time due to volume. Many clients may not understand the sheer volume of events coming in at any one time. One of the SIEM's major purposes is to make reporting on that data simple, exporting the data in bulk for manual searching is inefficient. At 100 eps, that is 8,640,000 events per day. That expected traffic from a small branch firewall, now imagine you have 100 firewalls reporting into your SIEM, the event volume per day?
It simply doesn't make sense to export logs that are already searchable within the SIEM. I would recommend gathering their requirements and running their queries from within the SIEM.
If they are looking for compliance reporting, an auditor may ask for a sample data set on a certain day to prove log retention, but they don't need the whole day, only a sample of events during a given day.