Stealer log breaches are typically comprised of large volumes of data, often aggregated from multiple sources. They're created by criminals seeking to monetise their victims' personal information, and the data quality and consistency can vary wildly.
Typical stealer log entries appear like this:
https://netflix.com/login:jane@gmail.com:P@ssw0rd https://netflix.com/login:andy@gmail.com:abc123 https://spotify.com/auth:jane@gmail.com:qwerty https://spotify.com/auth:max@yahoo.com:baseball
They consist of a website, an email address and a password. Stealer log entries such as this are loaded into HIBP and can be viewed either in the dashboard or queried via the API.
However, some email addresses may appear in stealer logs that do not adhere to a consistent, parseable fashion. Especially in very large corpora of data, there are often addresses that do not sit alongside websites such as those listed above. These addresses are still loaded into HIBP, but will not appear in specific stealer log searches or in the stealer logs column of your domains: