diff --git a/DC-SLES-journalctl b/DC-SLES-journalctl
new file mode 100644
index 000000000..0aaa4826a
--- /dev/null
+++ b/DC-SLES-journalctl
@@ -0,0 +1,18 @@
+# This file originates from the project https://github.com/openSUSE/doc-kit
+# This file can be edited downstream.
+
+## Basics
+MAIN="journalctl.asm.xml"
+SRC_DIR="articles"
+IMG_SRC_DIR="images"
+
+## Profiling
+PROFOS="sles"
+PROFCONDITION="16.0"
+#PROFARCH="x86_64;zseries;power;aarch64"
+
+DOCBOOK5_RNG_URI="urn:x-suse:rng:v2:geekodoc-flat"
+
+## stylesheet location
+STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns"
+FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2021-ns"
\ No newline at end of file
diff --git a/articles/journalctl.asm.xml b/articles/journalctl.asm.xml
new file mode 100644
index 000000000..0e4165cb8
--- /dev/null
+++ b/articles/journalctl.asm.xml
@@ -0,0 +1,157 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml-model href="https://cdn.docbook.org/schema/5.2/rng/assemblyxi.rnc"
+type="application/relax-ng-compact-syntax"?>
+<!DOCTYPE assembly
+[
+<!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+%entities;
+]>
+<!-- refers to https://github.com/SUSE/doc-sle/blob/main/xml/systemd.xml -->
+<assembly version="5.2" xml:lang="en"
+xmlns:xlink="http://www.w3.org/1999/xlink"
+xmlns:trans="http://docbook.org/ns/transclusion"
+xmlns:its="http://www.w3.org/2005/11/its"
+xmlns="http://docbook.org/ns/docbook">
+<!-- R E S O U R C E S -->
+<resources>
+<!-- concepts -->
+<resource href="../concepts/journal-about-journald.xml" xml:id="_journal-about-journald"/>
+ <resource href="../concepts/journal-structure.xml" xml:id="_journal-structure"/>
+ <resource href="../concepts/journactl-about.xml" xml:id="_journactl-about"/>
+<!-- glue -->
+<!-- tasks--> 
+<resource href="../tasks/journald-configure.xml" xml:id="_journald-configure"/> 
+<resource href="../tasks/systemd-journald-troubleshooting.xml" xml:id="_systemd-journald-troubleshooting"/> 
+<resource href="../tasks/journald-filter-journals.xml" xml:id="_journald-filter-journals"/> 
+<!-- references-->
+<resource href="../references/journalctl-usage.xml" xml:id="_journalctl-usage"/> 
+</resources>
+
+<!-- Appendix -->
+<resources>
+<resource href="../common/legal.xml" xml:id="_legal">
+<description>Legal Notice</description>
+</resource>
+<resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl">
+<description>GNU Free Documentation License</description>
+</resource>
+</resources>
+<structure renderas="article" xml:id="sles-journald">
+<merge>
+<title>Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></title>
+<!-- History -->
+<revhistory xml:id="rh-sles-journald">
+<revision><date>2025-11-26</date>
+<revdescription>
+<para>
+Initial version
+</para>
+</revdescription>
+</revision>
+</revhistory>
+<!-- Maintainer -->
+<meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+<!-- Architecture -->
+<meta name="architecture" its:translate="no">
+<phrase>&x86-64;</phrase>
+<phrase>&power;</phrase>
+<phrase>&zseries;</phrase>
+<phrase>&aarch64;</phrase>
+</meta>
+<!-- Productname & Version -->
+<meta name="productname">
+<productname version="16.0">&sles;</productname>
+<productname version="16.0">&sles4sap;</productname>
+<productname version="16.0">&sleha;</productname> 
+</meta>
+<!-- Social Media -->
+<meta name="title">Mastering System Logs: From <command>systemd-journald</command> to <command>journalctl</command></meta>
+<meta name="description">
+Learn how to view and manage &productnameshort; logs using <command>journalctl</command></meta>
+<!-- Search -->
+<meta name="social-descr">View and filter logs with <command>journalctl</command></meta>
+<!-- Task -->
+<meta name="task" its:translate="no">
+<phrase>Configuration</phrase>
+<phrase>Storage</phrase>
+<phrase>Maintenance</phrase>
+<phrase>Administration</phrase>
+</meta>
+
+<meta name="category" its:translate="no"><phrase>Systems Management</phrase>
+</meta>
+<!-- Series -->
+<meta name="series" its:translate="no">Products &amp; Solutions</meta>
+
+<dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
+<dm:bugtracker>
+<dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>
+<dm:component>Documentation</dm:component>
+<dm:product os="sles">SUSE Linux Enterprise Server 16.0</dm:product>
+<dm:product os="sles4sap">SUSE Linux Enterprise Server 16.0</dm:product>
+<dm:product os="sleha">SUSE Linux Enterprise Server 16.0</dm:product> 
+<dm:assignee>shalaka.harne@suse.com</dm:assignee>
+</dm:bugtracker>
+<dm:translation>yes</dm:translation>
+</dm:docmanager>
+<abstract>
+<variablelist>
+<varlistentry>
+<term>WHAT?</term>
+<listitem>
+<para>
+View and analyze logs from <command>systemd-journald</command> using the <command>journalctl</command> command-line tool.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>WHY?</term>
+<listitem>
+<para>
+This article provides a complete overview of tasks that can be performed using the <command>journalctl</command> command-line tool.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>EFFORT</term>
+<listitem>
+<para>
+The average reading time of this article is approximately 30 minutes.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>GOAL</term>
+<listitem>
+<para>
+You will be able to view your system logs using <command>journalctl</command>.
+</para>
+</listitem>
+</varlistentry>
+<varlistentry>
+<term>REQUIREMENTS</term>
+<listitem>
+<para>
+You must have &sudo; privileges.
+</para>
+</listitem>
+</varlistentry>
+</variablelist>
+</abstract>
+</merge>
+<module renderas="section" resourceref="_journal-about-journald">
+  <module renderas="section" resourceref="_journald-configure"/>
+  </module>
+  <module renderas="section" resourceref="_journal-structure"/>
+<module renderas="section" resourceref="_journactl-about">
+<module renderas="section" resourceref="_journalctl-usage"/>
+</module>
+<module renderas="section" resourceref="_journald-filter-journals"/>
+
+<module renderas="section" resourceref="_systemd-journald-troubleshooting"/>
+<module resourceref="_legal"/>
+<module resourceref="_gfdl">
+<output renderas="appendix"/>
+</module>
+</structure>
+</assembly>
diff --git a/concepts/journactl-about.xml b/concepts/journactl-about.xml
new file mode 100644
index 000000000..84ed3672a
--- /dev/null
+++ b/concepts/journactl-about.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This file originates from the project https://github.com/openSUSE/doc-kit -->
+<!-- This file can be edited downstream. -->
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journald-about-journactl"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>The <command>journalctl</command> command</title><!-- can be changed via merge in the assembly -->
+    <!--add author's email address-->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+<command>journalctl</command> is a command-line utility used to query and display logs collected by
+the <command>systemd-journald</command>.
+    </para>    
+    </abstract>
+  </info>
+  <para>
+    Because the logging system stores data in a binary format (for performance and security) rather
+    than plain text, you cannot use standard tools like <command>cat</command> or
+    <command>less</command> to open the files directly. So, the <command>journalctl</command>
+    command decodes the data and displays it according to the provided parameters.
+  </para>
+  
+</topic>
diff --git a/concepts/journal-about-journald.xml b/concepts/journal-about-journald.xml
new file mode 100644
index 000000000..c014e17c2
--- /dev/null
+++ b/concepts/journal-about-journald.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="concept-about-journald"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>The <command>systemd-journald</command> service</title>
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract>
+      <para>
+        <command>journald</command> is a &systemd; service responsible for collecting, indexing, and storing log data. The collected events include  kernel messages, initrd (initial RAM disk) messages,
+        service startup/shutdown, application events, and authentication and session data.
+      </para>
+    </abstract>   
+  </info>
+  <para>
+    On &productname;, the <literal>systemd-journald</literal> service is enabled and started by
+    default. The service logs the data into the journal described in <xref linkend="journal-what-it-is"/>.
+    </para>        
+      
+
+</topic>
diff --git a/concepts/journal-structure.xml b/concepts/journal-structure.xml
new file mode 100644
index 000000000..536f7d58d
--- /dev/null
+++ b/concepts/journal-structure.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This file originates from the project https://github.com/openSUSE/doc-kit -->
+<!-- This file can be edited downstream. -->
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journal-what-it-is"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>About the journal</title><!-- can be changed via merge in the assembly -->
+    <!--add author's email address-->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+      The journal is a centralized, unified storage system for log data from all sources. It stores events in a structured manner, which helps with error identification and crash recovery.
+      </para>
+    </abstract>
+  </info>
+  <section xml:id="journal-what-it-is-location">
+    <title>Where can I find the journal?</title>
+    <para>
+      By default, <literal>journald</literal> stores the collected data in the volatile memory in
+      <filename>/run/log/journal</filename>, so after reboot the data is lost.
+    </para>
+    <para>
+      If <literal>systemd-journald</literal> is configured to store the logs in a persistent
+      manner, you can find the journal in <filename>/var/log/journal</filename>. See if the
+      directory is there:
+    </para>
+    <procedure>
+      <step>
+        <para>
+          Check if the directory exist:
+        </para>
+          <screen>&prompt.sudo;<command>ls /var/log</command>
+...        
+journal                             
+...
+
+          </screen>
+        
+      </step>
+      <step>
+        <para>If the <filename>/var/log/journal</filename> directory does not exist, create
+        it:</para>
+        <screen>&prompt.sudo;<command>mkdir /var/log/journal</command>     
+        </screen>
+      </step>
+      <step>
+        <para>
+          Set the correct ownership and access permissions:
+        </para>
+        <screen>&prompt.sudo;  systemd-tmpfiles --create --prefix=/var/log/journal</screen>
+      </step>
+      <step performance="optional">
+        <para>
+          To flush the data from RAM to the directory:
+        </para>
+        <screen>&prompt.sudo;  <command>journalctl --flush</command></screen>
+      </step>
+    </procedure>
+    <para>For details about
+      the service configuration, refer to <xref linkend="journal-configure-journald"/>.
+    </para>
+  </section>
+  <section xml:id="journal-what-it-is-structure">
+    <title>The journal log structure</title>
+    <para>
+      The logs are stored in binary format across several files. To view the structure of a log
+      entry, proceed as follows:
+    </para>
+    <screen>&prompt.sudo; <command>journalctl -n 1 -o verbose</command>
+    
+    Fri 2025-12-05 10:52:53.284321 CET [s=5b7ae2e926794210bf832d014f5f560a;i=d49752&gt;
+    _UID=1000
+    _AUDIT_SESSION=3
+    _AUDIT_LOGINUID=1000
+    _SYSTEMD_OWNER_UID=1000
+    _SYSTEMD_UNIT=user@1000.service
+    _SYSTEMD_SLICE=user-1000.slice
+    _MACHINE_ID=d3489468c8534c5d81a2860cf9a2a20e
+    _RUNTIME_SCOPE=system
+    _SELINUX_CONTEXT=unconfined
+    PRIORITY=6
+    _TRANSPORT=syslog
+    _BOOT_ID=d095069bd59b4bc4bf67c8c71999243b
+   SYSLOG_IDENTIFIER=sudo
+    SYSLOG_TIMESTAMP=Dec  5 10:52:53 
+    _PID=25806
+    _COMM=sudo
+    _EXE=/usr/bin/sudo
+    _CMDLINE=sudo journalctl -n 1 -o verbose
+
+    ...
+    </screen>
+    <para>The log entry is a data structure containing the log message and metadata fields:</para>
+    <variablelist>
+      <varlistentry>
+        <term>Timestamp</term>
+        <listitem>
+          <para>
+The exact time the event occurred
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>Source fields</term>
+        <listitem>
+          
+            <itemizedlist>
+  <listitem><para><literal>_PID</literal>: process ID of the sender</para></listitem>
+  <listitem><para><literal>_UID/_GID</literal>: User/Group ID of the sender</para></listitem>
+  <listitem><para><literal>_EXE</literal>: path to the executable</para></listitem>
+  <listitem><para><literal>_COMM</literal>: name of the executable</para></listitem>
+</itemizedlist>          
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>System fields</term>
+        <listitem>
+          <itemizedlist>
+  <listitem><para><literal>_SYSTEMD_UNIT</literal>: The systemd unit (service) that generated the
+  log (for example, <literal>sshd.service</literal>)</para></listitem>
+  <listitem><para><literal>_BOOT_ID</literal>: A unique identifier for the specific system boot session</para></listitem>
+</itemizedlist>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>Kernel fields</term>
+        <listitem><para><literal>_TRANSPORT</literal>: How the message was logged (e.g., kernel, syslog, stdout)</para></listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>Priority level</term>
+        <listitem>
+          <para>A numeric value indicating the severity of the message (0=emerg, 7=debug)</para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </section>
+</topic>
diff --git a/references/journalctl-usage.xml b/references/journalctl-usage.xml
new file mode 100644
index 000000000..13638a9f3
--- /dev/null
+++ b/references/journalctl-usage.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+
+<topic xml:id="journald-journalctl-usage"
+ role="reference" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+
+ <info>
+  <title>Using <command>journalctl</command></title>
+  <abstract>
+    <para>
+This section describes the generic usage of the <command>journalctl</command> command.
+    </para>
+    
+  </abstract>
+  <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+ </info>
+<para>
+   Running <command>journalctl</command> without any options displays all logged messages, usually starting from the oldest, and pipes the output through a pager (like <command>less</command>) for easy navigation.
+  </para>
+ <para>
+   The general syntax of the <command>journalctl</command> command is as follows:
+  </para>
+   <screen>&prompt.sudo;<command>journalctl [OPTIONS...] [MATCHES...]</command></screen>
+   <tip>
+   <title>Messages related to a specific executable</title>
+   <para>
+    To show all journal messages related to a specific executable, specify the
+    full path to the executable:
+   </para>
+<screen>&prompt.sudo;journalctl /usr/lib/systemd/systemd</screen>
+  </tip>
+  <para>
+  
+  </para>
+<para>Listed below are the common  useful options to enhance the default <command>journalctl</command> behavior:</para>  
+  <variablelist>
+   <varlistentry>
+    <term>-f</term>
+    <listitem>
+     <para>
+      Shows only the most recent journal messages, and prints new log entries
+      as they are added to the journal.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term></term>
+    <listitem>
+     <para>
+      Prints the messages and jumps to the end of the journal, so that the
+      latest entries are visible within the pager.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-r</term>
+    <listitem>
+     <para>
+      Prints the messages of the journal in reverse order, so that the latest
+      entries are listed first.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-k</term>
+    <listitem>
+     <para>
+      Shows only kernel messages. This is equivalent to the field match
+      <literal>_TRANSPORT=kernel</literal>.
+     </para>
+    </listitem>
+   </varlistentry>
+   <varlistentry>
+    <term>-u</term>
+    <listitem>
+     <para>
+      Shows only messages for the specified &systemd; unit. This is equivalent
+      to the field match
+      <literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal>.
+     </para>
+<screen>&prompt.sudo;journalctl -u apache2</screen>
+    </listitem>
+   </varlistentry>
+  </variablelist>
+  <para>
+    For a complete list of options refer to man page, man 1 <command>journalctl</command>.
+  </para>
+
+</topic>
diff --git a/tasks/journald-configure.xml b/tasks/journald-configure.xml
new file mode 100644
index 000000000..83f34bb0d
--- /dev/null
+++ b/tasks/journald-configure.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journal-configure-journald"
+ role="task" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>Configuring <command>systemd-journald</command></title><!-- can be changed via merge
+in the assembly -->
+    <!-- add author's e-mail -->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+        You can configure the basic behavior of <command>systemd-journald</command> service by modifying <filename>/etc/systemd/journald.conf</filename>.</para>
+      </abstract>
+  </info>
+  <para>
+    To configure <command>systemd-journald</command>, proceed as follows:
+  </para>
+  <procedure>
+    <title>Configuring <command>systemd-journald</command></title>
+    <step>
+      <para>Open the <command>systemd-journald</command> configuration file:</para>
+<screen>&prompt.sudo; vi /etc/systemd/journald.conf</screen>
+<screen>[Journal]
+
+# Store journals on disk so logs survive reboot
+Storage=persistent
+
+# Disk space limits
+SystemMaxUse=2G
+SystemKeepFree=10%
+
+# Per-file max size
+SystemMaxFileSize=200M
+
+# RAM (runtime) journal limits
+RuntimeMaxUse=500M
+RuntimeKeepFree=10%
+
+# Log retention
+MaxRetentionSec=4weeks
+
+# Compression for old logs
+Compress=yes
+
+# Optional: also forward to rsyslog/syslog
+ForwardToSyslog=yes</screen>
+</step>
+<step>
+  <para>Modify the configurations:</para>
+    <itemizedlist>
+      <listitem>
+      <para>
+        To modify the storage type, modify <command>Storage=auto</command>.</para>
+          <para>The available options are: </para>
+          <itemizedlist>
+            <listitem><para><guimenu>volatile</guimenu>: RAM only (clears on reboot).</para></listitem>
+            <listitem><para><guimenu>persistent</guimenu>: stored in <filename>/var/log/journal</filename>.</para></listitem>
+            <listitem><para><guimenu>auto</guimenu>: persistent if directory exists, otherwise volatile.</para></listitem>
+            <listitem><para><guimenu>none</guimenu>: no logs written to disk or memory.</para></listitem>
+          </itemizedlist>
+          <para>If the journal log data is saved to a persistent location, it uses up to 10% of the file system the <filename>/var/log/journal</filename> resides on. For example, if <filename>/var/log/journal</filename> is located on a 30 GB /var partition, the journal may use up to 3 GB of the disk space. To change this limit, change (and uncomment) the <command>SystemMaxUse</command> option:</para>
+     <screen>SystemMaxUse=50M
+&prompt.sudo; systemctl restart systemd-journald</screen>
+      </listitem>
+      <listitem>
+      <para>To limit the log rate to prevent flooding logs:</para>
+        <screen>RateLimitIntervalSec=30s
+RateLimitBurst=1000</screen>
+    </listitem>
+    <listitem>
+      <para>
+        To send the journal to a terminal device to inform you about system messages on a preferred terminal screen, for example <filename>/dev/tty12</filename>:
+       </para>
+       <screen>ForwardToConsole=yes
+TTYPath=/dev/tty12</screen>
+      </listitem>
+      <listitem>
+        <para>To forward logs to syslog, modify <command>ForwardToSyslog=yes</command>. <literal>journald</literal> is backward compatible with traditional syslog implementations such as rsyslog.</para>
+        <itemizedlist>
+          <listitem><para>Install rsyslog:</para><screen>rpm -q rsyslog</screen></listitem>
+          <listitem><para>Enable rsyslog:</para><screen>systemctl is-enabled rsyslog</screen></listitem>
+          <listitem><para>Enable forwarding to rsyslog in <filename>/etc/systemd/journald.conf</filename>:</para><screen>ForwardToSyslog=yes</screen></listitem>
+        </itemizedlist>
+        <para>For more information on file descriptions, see <command>man 5 journald.conf</command>.</para>
+      </listitem>
+    </itemizedlist>
+    </step>
+    <step><para>Save and restart <command>systemd-journald</command>.</para>
+    <screen>&prompt.sudo; systemctl restart systemd-journald</screen>
+    </step>
+  </procedure>
+</topic>
diff --git a/tasks/journald-filter-journals.xml b/tasks/journald-filter-journals.xml
new file mode 100644
index 000000000..a6743dd7f
--- /dev/null
+++ b/tasks/journald-filter-journals.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="journal-filter-journals"
+ role="task" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>Filtering the journal output</title><!-- can be changed via merge
+in the assembly -->
+    <!-- add author's e-mail -->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+      <para>
+   This section describes how to refine searches in logs, for example, by boot number,
+   by a specific time interval, or to view specific data fields. By default, the journal lists 
+   the oldest entries first. The output can be filtered using specific switches and fields.
+  </para></abstract>
+  </info>
+  <para>
+    You can filter journals based on boot number, time interval, and fields. For details, refer to the following sections.
+  </para>
+  <section xml:id="journal-filter-journals-boots">
+    <title>Filter logs based on a specific system boot</title>
+    <para>
+      To list logs for all the available boots, run the command as follows:
+    </para>
+    <screen>&prompt.sudo;journalctl --list-boots</screen>
+    <para>The first column lists the boot offset: <literal>0</literal> for the current boot, <literal>-1</literal> for the previous one,
+    <literal>-2</literal> for the one before that, etc. The second column contains the boot ID followed by the limiting time stamps of the specific
+    boot.</para>
+    <para>
+      To show all messages from the current boot:
+    </para>
+    <screen>&prompt.sudo;journalctl -b</screen>
+    <para>To view journal messages from the previous boot, add an offset
+    parameter. The following example command shows the previous boot messages:</para>
+            <screen>&prompt.sudo;journalctl -b -1</screen>
+    <para>To view boot messages based on the boot ID, <literal>156019a44a774a0bb0148a92df4af81b</literal>:</para>
+    <screen>&prompt.sudo;journalctl _BOOT_ID=156019a44a774a0bb0148a92df4af81b</screen>
+  </section>
+  <section xml:id="journal-filter-journals-time">
+    <title>Filtering logs based on time interval</title>
+    <para>You can filter the output of <command>journalctl</command> by specifying the starting and/or ending date. The date specification should be of the format <literal>YYYY-MM-DD H:MM:SS</literal>. If the time part is omitted, midnight is assumed. If seconds are omitted, <literal>:00</literal> is assumed. If the date part is omitted, the current day is assumed. Instead of a numeric expression, you can specify the keywords <literal>yesterday</literal>,
+    <literal>today</literal> or <literal>tomorrow</literal>. They refer to midnight of the day
+    before the current day, of the current day, or of the day after the current day. If you specify
+    <literal>now</literal>, it refers to the current time. You can also specify relative times
+    prefixed with <literal>-</literal> or <literal>+</literal>, referring to times before or after
+    the current time.</para>
+    
+              <para>To view only new messages since now, and update the output continuously:</para>
+              <screen>&prompt.sudo;journalctl --since "now" -f</screen>
+            <para>To view all messages since last midnight until <literal>3:20am</literal>:</para>
+              <screen>&prompt.sudo;journalctl --since "today" --until "3:20"</screen>
+  </section>
+  <section xml:id="journal-filter-journals-fields">
+    <title>Filtering logs based on fields</title> 
+        
+          <para>You can filter the output of the journal by specific fields. The syntax of a field to be matched is <literal>FIELD_NAME=MATCHED_VALUE</literal>, such
+    as <literal>_SYSTEMD_UNIT=httpd.service</literal>. You can specify multiple matches in a single query to filter the output messages even more. See
+    <command>man 7 systemd.journal-fields</command> for a list of default fields.</para>
+          
+              <para>To view messages produced by a specific process ID: <literal>PID_1039</literal>:</para>
+<screen>&prompt.sudo;journalctl _PID=1039</screen><para>To view messages belonging to a specific user ID: <literal>UID_1000</literal>:</para>
+              <screen>&prompt.sudo; journalctl _UID=1000</screen>
+            <para>To view messages from the kernel ring buffer (the same as <command>dmesg</command> displays):</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=kernel</screen>
+            <para>To view messages from the service's standard or error output:</para>
+              <screen>&prompt.sudo;journalctl _TRANSPORT=stdout</screen>
+            <para>To view messages produced by a specified service only:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service</screen>
+              <para>If two different fields are specified, only entries that match both expressions at the same time are shown:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1488</screen>
+              <para>If two matches refer to the same field, all entries matching either expression are shown:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</screen>
+              <para>You can use the <literal>+</literal> separator to combine two expressions in a logical <literal>OR</literal>. The following example shows all messages from the Avahi service process with the process ID 1480 together with all messages from the D-Bus service:</para>
+              <screen>&prompt.sudo;journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=1480 + _SYSTEMD_UNIT=dbus.service</screen>
+</section>
+</topic>
diff --git a/tasks/systemd-journald-troubleshooting.xml b/tasks/systemd-journald-troubleshooting.xml
new file mode 100644
index 000000000..2b69d8d89
--- /dev/null
+++ b/tasks/systemd-journald-troubleshooting.xml
@@ -0,0 +1,110 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="cockpit-troubleshooting-selinux"
+ role="task" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>Troubleshooting &systemd; errors</title><!-- can be changed via merge
+in the assembly -->
+    <!-- add author's e-mail -->
+    <meta name="maintainer" content="shalaka.harne@suse.com" its:translate="no"/>
+    <abstract><!-- can be changed via merge in the assembly -->
+     <para>
+   This section introduces ways to interpret and fix the log messages retrieved through <command>journalctl</command>.
+  </para>
+      </abstract>
+  </info>
+  <section><title>View &systemd; errors</title>
+<procedure>
+  <step><para>View the list of failed &systemd; units:</para>
+  <screen>systemctl --failed</screen>
+<para>The list of all failed services appears.</para></step>
+  <step><para>Identify the severity and content of the error.</para>
+    <screen>journalctl -p 0..7 -b</screen>
+    <para>The list of errors with priority levels <literal>0 to 7</literal> appears. The errors are marked with priority level:
+    </para>
+    <itemizedlist>
+  <listitem><para><guimenu>0-2</guimenu>: <command>emerg, alert, crit</command>: Critical issues, system collapse imminent.</para></listitem>
+  <listitem><para><guimenu>3</guimenu>: <command>err (Error)</command>: A service or application failed to complete a requested operation.</para></listitem>
+  <listitem><para><guimenu>4</guimenu>: <command>warning </command>: Something undesirable happened but is not an immediate failure.</para></listitem>
+  <listitem><para><guimenu>5-7</guimenu>: <command>notice, info, debug</command>: Normal operational information and developer diagnostics.</para></listitem>
+</itemizedlist>
+</step>
+<step><para>View the error log for the failing service using the following command:</para>
+<screen>journalctl -u &lt;failing_service_name&gt;</screen>
+<para>The lines preceding the termination message include information about the error.</para>
+<itemizedlist>
+  <listitem><para><guimenu>Exit Status</guimenu>: If a service stops, look for a message like <literal>Process xxx exited</literal> with status 1/FAILURE. A status of 0 indicates success. Any nonzero status indicates an error. </para></listitem>
+  <listitem><para><guimenu>Configuration Errors</guimenu>: Messages containing phrases like <literal>No such file or directory</literal>, <literal>Permission denied</literal> or <literal>Address already in use</literal> usually point to a problem in the service's configuration file.</para></listitem>
+  <listitem><para><guimenu>Out-of-Memory (OOM)</guimenu>: The service was terminated because
+   it exceeded memory limits.</para></listitem>
+ </itemizedlist>
+</step>
+<step><para>Use detailed views of logs to get detailed information about the error.</para>
+<screen>journalctl -xe</screen>
+<para>For example, to view all messages from the Apache service during the current boot with detailed explanations, run the following command:</para>
+<screen>journalctl -u httpd.service -b -xe</screen></step>
+</procedure>
+</section>
+<section>
+  <title>Troubleshoot &systemd; error</title>
+<procedure>
+    <para>
+   This section introduces an example to illustrate how to find and fix
+   the error reported by &systemd; during <command>apache2</command> start-up.</para>
+    <step>
+    <para>Start the apache2 service:</para>
+<screen>systemctl start apache2
+Job for apache2.service failed. See 'systemctl status apache2' and 'journalctl -xn' for details.</screen>
+   </step>
+   <step><para>View the service status:</para>
+<screen>&prompt.sudo;systemctl status apache2
+apache2.service - The Apache Webserver
+   Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
+   Active: failed (Result: exit-code) since Tue 2025-09-03 11:08:13 EDT; 7min ago
+  Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND \
+           -k graceful-stop (code=exited, status=1/FAILURE)</screen>
+    <para>The ID of the process causing the failure is 11026.</para>
+   </step>
+   <step>
+    <para>View the verbose version of messages related to process ID 11026:</para>
+<screen>&prompt.sudo;journalctl -o verbose _PID=11026
+[...]
+MESSAGE=AH00526: Syntax error on line 6 of /etc/apache2/default-server.conf:
+[...]
+MESSAGE=Invalid command 'DocumenttRoot', perhaps misspelled or defined by a module
+[...]</screen>
+   </step>
+   <step><para>Fix the typo inside <filename>/etc/apache2/default-server.conf</filename>, start the apache2 service, and print its status:</para>
+<screen>&prompt.sudo;systemctl start apache2 &amp;&amp; systemctl status apache2
+apache2.service - The Apache Webserver
+   Loaded: loaded (/usr/lib/systemd/system/apache2.service; disabled)
+   Active: active (running) since Tue 2025-09-03 11:26:24 EDT; 4ms ago
+  Process: 11026 ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND
+           -k graceful-stop (code=exited, status=1/FAILURE)
+ Main PID: 11263 (httpd2-prefork)
+   Status: "Processing requests..."
+   CGroup: /system.slice/apache2.service
+           ├─11263 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11280 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11281 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11282 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           ├─11283 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+           └─11285 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf -D [...]
+</screen>
+   </step>
+  </procedure>
+  </section>
+</topic>