The short answer is that these events are from when the user was created or first registered for an application.

When a user is first created, or registered for an application we create a login event because we generate a JWT and optionally a Refresh Token for the user.

In these cases, we do not have an IP address to record in the login event.

We have discussed adding the IP address from the API request, but this is likely a back end system or internal service and the IP address would not represent the location of the end user, and so would likely not be of great use.