Thank you for posting in our Q&A forum.
Hope the information provided by BillLight is helpful to you.
Usually, we can see the three options in the security log Properties or other logs Properties.
Overwrite events as needed (oldest events first).
Archive the log when full, do not Overwrite events.
Do not Overwrite events(Clear logs manually).
You can check if you are in one situation of the three options above. It seems either the log is overwrite or the log is clear manually by default.
If not, we can check if the "modified time" is changed. I manually delete a event ID, then the "modified time" is changed as the same time I perform the deletion operation.
And after I delete one event ID, I can see the event ID 1102 (log clear) in the security log.
You can try to check. Hope the information above is helpful.
If the Answer is helpful, please click "Accept Answer" and upvote it.