I see this all the time too. PubKey authentication only, Fail2Ban and no root logins help to keep the log clutter to a minimum.
After finally weening myself off of using the root account locally I now just lock root completely. "sudo passwd -l root". Doesn't disable root so "sudo su -" still works but you can't login directly as root when the password is locked.
Although there is less traffic in the logs now I still get some entries before F2B kicks in and I find some of the non-root attempts very amusing... oracle, admin, ftp, PlcmSpIp, zhangyan
Some are obvious service user account attempts and some are just weird!