From the journal path prefix, it seems a Rocky Linux setup, that configures systemd-journal with “volatile” (RAM) disk usage.
Why? The Systemd journal is a binary database, already configured to store data up to a certain size. If I’m not wrong, the size depends on the physical memory. It can be checked with this command:
[root@node ~]# journalctl --disk-usage
Archived and active journals take up 301.5M in the file system.
In my case, the node has 16GB of RAM. The journal file is rotated about every 40 minutes (this depends on the node load). To get an idea of the journal DB disk layout look at:
find /run/log/journal/ -ls
Debian journal default instead uses a persistent storage, under /var/log/journal. The basic idea is the same but storage size can be different.
From NS8 perspective, this difference does not count because all journal records are forwareded to Loki by Promtail.
See also: System logs — NS8 documentation