Hi, I used to work on Splunk but stopped 2 years ago and now I'm rusty.
Could someone help me with this issue ?

I have a firewall log and it has the port/protocol the user access, each one in you field ( dst_port - ex 443, transport - UDP/TCP ) and the service field like 443/tcp.

First made a table (with works) to display the most used port/protocol:

 |top service

Now, I'd like to show that table but with the name/description of that protocol. Soo I downloaded IANA' s App and installed. Then I created a automatic Lookup that gets the dst_pot and protocol and outputs it's "Service Name" and "Service Description" fields.
When I perform a search (like the above), I can see the new fields on field list.
But when I create de table those new fields are always empty. Tried a lot of other variations of commands but none works:

|chart count by service | table "Service Name", "Service Description", service, count
|top service | table "Service Name", "Service Description", service, count

What am I doing wrong here ?
Thanks.