Channel: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager

Re: LEM ver 6.2.1 - nDepth search by Name and by IP return different results - Why is that?


The easiest answer is that some events are logged by name while others are logged by IP, but let me back up and explain.

The "IP Address" field is effectively a shorthand field that is the same as saying "DetectionIP OR InsertionIP OR SourceMachine OR DestinationMachine OR..." for all fields where LEM knows IP addresses/hostnames are found, regardless of event type, so it's like an easy way to say "if you see this IP or hostname anywhere in the event, return that event to me."

Since different data sources can log events differently, when you search for an IP or hostname in the IP Address field, what you might find is that the IP/hostname is found in log messages from OTHER devices. Those OTHER devices might only know it by its IP address (like a network device), while some will know it only by its hostname/NetBIOS name (like other Windows PCs, if it's a Windows PC), while others might have both (like a DC, if it's a Windows PC).

All of that means you'll see different results when searching by IP or hostname, but it's kind of the nature of the beast. Not all log sources do DNS resolution, so you kind of get what you get. You could search for both with an OR (IP Address = hostname OR IP Address = IP).

Alternatively, if what you actually want are all events that system has reported (not all events from all sources that have that IP address in them), you would probably be interested in searching by either DetectionIP or InsertionIP.
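The behaviour described in the reply above, as an added illustration that is not part of the original post and not SolarWinds LEM/SEM code: a small Python model of the "IP Address" shorthand (an OR across DetectionIP, InsertionIP, SourceMachine and DestinationMachine, the field names the reply mentions) run over constructed events from a firewall, a peer Windows PC, a domain controller and the workstation's own agent. The sample events, their field values and the helper functions are assumptions made for the example; the real nDepth query syntax is not reproduced here.

```python
"""Model of how a shorthand "IP Address" search fans out over per-field values.

Constructed example; not SolarWinds LEM/SEM code. The field names come from
the forum reply; the sample events below are made up to show why a search by
hostname and a search by IP can return different event sets.
"""

# Fields the reply says the "IP Address" shorthand is expanded into (assumed list).
IP_FIELDS = ("DetectionIP", "InsertionIP", "SourceMachine", "DestinationMachine")

# Constructed sample events about one workstation (hostname WS-ALICE, IP 10.0.0.20).
EVENTS = [
    # A firewall only knows the workstation by its IP address.
    {"id": 1, "source": "firewall", "DetectionIP": "10.0.0.5",
     "InsertionIP": "10.0.0.5", "SourceMachine": "10.0.0.20",
     "DestinationMachine": "203.0.113.9"},
    # A peer Windows host logs the workstation by its NetBIOS name only.
    {"id": 2, "source": "winpc", "DetectionIP": "10.0.0.21",
     "InsertionIP": "10.0.0.21", "SourceMachine": "WS-ALICE",
     "DestinationMachine": "WS-BOB"},
    # A domain controller logs both the name and the IP for a logon.
    {"id": 3, "source": "dc", "DetectionIP": "10.0.0.2",
     "InsertionIP": "10.0.0.2", "SourceMachine": "WS-ALICE",
     "DestinationMachine": "10.0.0.20"},
    # The workstation's own agent reports an event (DetectionIP is the workstation).
    {"id": 4, "source": "agent", "DetectionIP": "10.0.0.20",
     "InsertionIP": "10.0.0.20", "SourceMachine": "WS-ALICE",
     "DestinationMachine": "10.0.0.2"},
]


def search_ip_address(events, value):
    """'IP Address' shorthand: keep an event if value appears in any IP/host field."""
    return [e["id"] for e in events if any(e.get(f) == value for f in IP_FIELDS)]


def search_either(events, hostname, ip):
    """IP Address = hostname OR IP Address = ip, de-duplicated and sorted by id."""
    ids = set(search_ip_address(events, hostname)) | set(search_ip_address(events, ip))
    return sorted(ids)


def search_reported_by(events, ip):
    """Only events the system itself reported: DetectionIP or InsertionIP equals ip."""
    return [e["id"] for e in events if e["DetectionIP"] == ip or e["InsertionIP"] == ip]


if __name__ == "__main__":
    print("by hostname:", search_ip_address(EVENTS, "WS-ALICE"))   # [2, 3, 4]
    print("by IP:      ", search_ip_address(EVENTS, "10.0.0.20"))  # [1, 3, 4]
    print("either:     ", search_either(EVENTS, "WS-ALICE", "10.0.0.20"))  # [1, 2, 3, 4]
    print("reported by:", search_reported_by(EVENTS, "10.0.0.20"))  # [4]
```

The hostname search misses the firewall event (it only knows the IP) and the IP search misses the peer Windows PC event (it only knows the name); only the OR of both, as the reply suggests, returns every event that mentions the workstation, while the DetectionIP/InsertionIP search narrows to what the workstation itself reported.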

