Hello @Development , According to the introduction in the documentation, the LogonIp property describes the IP address that initiates the login request.
Regardless of the severity level of the warning. So please check if the status of the logged in user is the cause of the logonIp being empty. Hope it can help you.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.