Hello,
I have a lookup filled with IPs and the time that the event happened at. I have a search that gets IPs from the lookup and tries to learn which hosts got those IPs from DHCP. But my search doesn't work for every IP in the lookup, for some reason I don't know. For example:
As you can see, I have 10.60.x.x and 10.34.x.x IPs in my lookup. But the result returns hostnames only for the 10.60.x.x IPs. But when I try to search the hostname for 10.34.x.x manually, I can get it from the logs. I want to know why my search with the lookup is not working properly. By the way, my search is:
index=xxx sourcetype=yyy "Lease granted to"
| lookup vpn.csv srcip AS dest_ip
| search Time=*
| eval event_time=strptime(Time,"%Y-%m-%d %H:%M:%S")
| where _time < event_time
| stats latest(dest_nt_host) as dest_nt_host by dest_ip
I don't think my search is wrong, because the returned hostnames are correct.
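To make it easier to reason about which stage of this pipeline drops an IP, here is a small Python model of the same search (lookup join on srcip/dest_ip, search Time=*, strptime, where _time < event_time, stats latest by dest_ip). This is an added example and not code from the post; the lease events and lookup rows are constructed, timestamps are treated as UTC (Splunk's strptime would use the search time zone instead), and the lookup is assumed to hold one row per IP.

```python
from datetime import datetime, timezone

TIME_FMT = "%Y-%m-%d %H:%M:%S"


def to_epoch(ts):
    """Models eval event_time=strptime(Time,"%Y-%m-%d %H:%M:%S").
    Assumption: timestamps are UTC (Splunk uses the search time zone)."""
    return datetime.strptime(ts, TIME_FMT).replace(tzinfo=timezone.utc).timestamp()


# Constructed DHCP "Lease granted to" events: _time, dest_ip, dest_nt_host
LEASE_EVENTS = [
    {"_time": to_epoch("2024-01-10 08:30:00"), "dest_ip": "10.60.1.5", "dest_nt_host": "LAPTOP-A"},
    {"_time": to_epoch("2024-01-10 08:55:00"), "dest_ip": "10.60.1.5", "dest_nt_host": "LAPTOP-B"},
    {"_time": to_epoch("2024-01-10 09:10:00"), "dest_ip": "10.60.1.5", "dest_nt_host": "LAPTOP-C"},
    {"_time": to_epoch("2024-01-10 09:30:00"), "dest_ip": "10.34.2.7", "dest_nt_host": "DESKTOP-X"},
    {"_time": to_epoch("2024-01-10 07:00:00"), "dest_ip": "10.99.0.1", "dest_nt_host": "SERVER-Z"},
]

# Constructed vpn.csv rows: srcip, Time (one row per IP assumed)
VPN_LOOKUP = [
    {"srcip": "10.60.1.5", "Time": "2024-01-10 09:00:00"},
    {"srcip": "10.34.2.7", "Time": "2024-01-10 09:00:00"},
]


def lookup_time(events, lookup):
    """Models `| lookup vpn.csv srcip AS dest_ip`: adds Time to events
    whose dest_ip equals a srcip in the lookup; other events stay without Time."""
    index = {row["srcip"]: row["Time"] for row in lookup}
    joined = []
    for ev in events:
        ev = dict(ev)
        if ev["dest_ip"] in index:
            ev["Time"] = index[ev["dest_ip"]]
        joined.append(ev)
    return joined


def run_search(events, lookup):
    """Runs the remaining stages and returns {dest_ip: latest dest_nt_host}."""
    joined = lookup_time(events, lookup)
    # | search Time=*  -> keep only events that matched a lookup row
    joined = [ev for ev in joined if "Time" in ev]
    # | eval event_time=strptime(...)
    for ev in joined:
        ev["event_time"] = to_epoch(ev["Time"])
    # | where _time < event_time  -> only leases granted before the event
    before = [ev for ev in joined if ev["_time"] < ev["event_time"]]
    # | stats latest(dest_nt_host) as dest_nt_host by dest_ip
    latest = {}
    for ev in before:
        if ev["dest_ip"] not in latest or ev["_time"] > latest[ev["dest_ip"]]["_time"]:
            latest[ev["dest_ip"]] = ev
    return {ip: ev["dest_nt_host"] for ip, ev in latest.items()}


def lookup_ips_without_result(events, lookup):
    """For every lookup IP missing from the result, name the stage that removed it."""
    found = run_search(events, lookup)
    reasons = {}
    for row in lookup:
        ip = row["srcip"]
        if ip in found:
            continue
        leases = [ev for ev in events if ev["dest_ip"] == ip]
        if not leases:
            reasons[ip] = "no 'Lease granted to' events carry this dest_ip"
        else:
            reasons[ip] = "all leases are at or after Time; 'where _time < event_time' drops them"
    return reasons


if __name__ == "__main__":
    print(run_search(LEASE_EVENTS, VPN_LOOKUP))
    print(lookup_ips_without_result(LEASE_EVENTS, VPN_LOOKUP))
```

In the constructed data 10.60.1.5 resolves to LAPTOP-B (the latest lease before 09:00), the 09:10 lease is excluded by the where clause, 10.99.0.1 never receives a Time field and is removed by `search Time=*`, and 10.34.2.7 has its only lease after the lookup time, so the where clause leaves nothing for stats to report. Running `lookup_ips_without_result` against real exported events is one way to see which stage removes a given IP.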