when you send in syslog data and source is shown as IP - then the device is sending the IP as source in the syslog message.
To map this IP to a hostname you would use the Lookup Tables ( http://docs.graylog.org/en/2.4/pages/lookuptables.html ) to map this IP to a hostname. For that you need to create a CSV File (or DSV) that contains the mapping from IP to hostname. Then you can use one extractor or the processing pipelines to make the lookup and replacemend.
Upcoming versions of Graylog will also have a DNS Lookup Table that enables you to just query DNS for that data.