Wednesday, January 6, 2021

DDOS Questions Fortigate

So I'm 99.9% positive we had a DDoS attack today. I think this because the network utilization graph shot from 5 Mbps to 5 Gbps and stayed there for probably 5 or so minutes. By the time I figured out that was what had happened, it had almost ended. I am in K12, so sometimes kids hire services to do this. From what I've seen, usually the free ones don't have the capability to fill a 5 Gb circuit. Any truth to this? Not that it matters, more just curious.

Second question: the FortiGate CPUs shot to 100%, so it took down our internal network. This was caused by the miglogd process, which I'm assuming was because it was bombarded by so many packets from so many sources? After it was over I tried to look at the log and couldn't really find much, nor was it responding well, most likely because of the magnitude of logs. Are there certain things to look for? Certain things to set up for logging that would give you more insight? I know a lot of that doesn't matter because the attack is distributed, just curious. The kids are remote, so there is probably little chance of figuring out who started it. Mitigation services are far too expensive, from what I've seen, to be feasible. I've only seen 2 of these in 15 years, and the last one was when we had a school on a cable modem. Just more asking questions for my own skills and knowledge.
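One concrete answer to "what to look for in the logs" is to stop reading them on the firewall and aggregate them off-box. The script below is an added example, not code from the original post or from Fortinet: it assumes the FortiGate was forwarding traffic logs to a syslog collector in its key=value format, parses those lines, buckets them by minute, and flags windows where many distinct sources converge on a single protocol/port, which is the signature that distinguishes a volumetric flood from a normal busy period. The sample lines, the device name `FGT-K12`, the addresses and the byte counts are all constructed for the example and only loosely modelled on real FortiGate traffic-log fields.

```python
"""Aggregate FortiGate-style traffic logs to characterise a suspected volumetric DDoS.

Added example, not from the original post or from Fortinet. Assumes the firewall
forwarded traffic logs to a syslog collector in key=value format; the sample
lines below are constructed and only loosely modelled on real FortiGate fields.
"""
import re
from collections import defaultdict
from datetime import datetime

# key=value pairs; values may be double-quoted (devname="FGT-K12") or bare (srcip=10.0.0.1)
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
_EPOCH = datetime(1970, 1, 1)


def parse_fortigate_line(line: str) -> dict:
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in _KV.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def bucket_start(fields: dict, bucket_seconds: int) -> int:
    """Seconds since epoch (naive, from date= and time=) rounded down to the bucket."""
    ts = datetime.strptime(f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
    epoch = int((ts - _EPOCH).total_seconds())
    return epoch - epoch % bucket_seconds


def summarize(lines, bucket_seconds: int = 60) -> list:
    """Per-bucket session count, distinct source count, rate and the dominant target."""
    buckets = defaultdict(lambda: {"sessions": 0, "sources": set(), "bytes": 0,
                                   "targets": defaultdict(int)})
    for line in lines:
        f = parse_fortigate_line(line)
        if f.get("type") != "traffic":
            continue  # skip event/UTM records; only traffic logs carry session accounting
        b = buckets[bucket_start(f, bucket_seconds)]
        b["sessions"] += 1
        b["sources"].add(f["srcip"])
        # sentbyte = bytes sent by srcip, rcvbyte = bytes it received; sum both directions
        b["bytes"] += int(f.get("sentbyte", 0)) + int(f.get("rcvbyte", 0))
        b["targets"][f"{f.get('proto')}/{f.get('dstport')}"] += 1
    out = []
    for start in sorted(buckets):
        b = buckets[start]
        top_target, top_count = max(b["targets"].items(), key=lambda kv: kv[1])
        out.append({
            "start": start,
            "sessions": b["sessions"],
            "distinct_sources": len(b["sources"]),
            "mbps": b["bytes"] * 8 / bucket_seconds / 1e6,  # session-accounted bytes only
            "top_target": top_target,
            "top_target_share": top_count / b["sessions"],
        })
    return out


def flag_floods(summary: list, min_sources: int = 20, min_share: float = 0.9) -> list:
    """Bucket starts where many distinct sources hit one proto/port: the DDoS signature."""
    return [s["start"] for s in summary
            if s["distinct_sources"] >= min_sources and s["top_target_share"] >= min_share]


# Constructed sample: a quiet minute at 10:14, then a UDP flood against one public IP at 10:15.
SAMPLE_LINES = [
    'date=2021-01-06 time=10:14:03 devname="FGT-K12" type="traffic" subtype="forward" '
    'srcip=10.20.1.15 srcport=51234 dstip=142.250.72.14 dstport=443 proto=6 action="accept" '
    'sentbyte=2300 rcvbyte=18000',
    'date=2021-01-06 time=10:14:20 devname="FGT-K12" type="traffic" subtype="forward" '
    'srcip=10.20.1.15 srcport=51240 dstip=142.250.72.14 dstport=443 proto=6 action="accept" '
    'sentbyte=1200 rcvbyte=9000',
    'date=2021-01-06 time=10:14:41 devname="FGT-K12" type="traffic" subtype="forward" '
    'srcip=10.20.2.7 srcport=40001 dstip=8.8.8.8 dstport=53 proto=17 action="accept" '
    'sentbyte=60 rcvbyte=120',
]
for i in range(50):  # 50 distinct external sources (TEST-NET-2 addresses), all to UDP/80
    SAMPLE_LINES.append(
        f'date=2021-01-06 time=10:15:{i:02d} devname="FGT-K12" type="traffic" subtype="forward" '
        f'srcip=198.51.100.{i + 1} srcport={30000 + i} dstip=203.0.113.10 dstport=80 proto=17 '
        f'action="deny" sentbyte=1400000 rcvbyte=0'
    )

if __name__ == "__main__":
    report = summarize(SAMPLE_LINES)
    for row in report:
        print(row)
    print("flood buckets:", flag_floods(report))
```

Run it against a real export with `summarize(open("fortigate.log"))`. The thresholds are starting points: tune `min_sources` to what a normal minute on your circuit looks like, and treat the `mbps` column as a lower bound, since it only counts bytes the firewall attributed to sessions it logged.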


