I would say that lookups that translate things into human, for example protocol numbers like 6 and 17 are TCP and UDP would be a good candidates. In this specific case the data set is limited, and, instead of doing all ~150 in a lookup you could do like the top 10 or 20 and even just put those into a regular .props "case" statement instead of a lookup.

One of the other main usecases I've used is user enrichment, where you have log events with users and everytime you want to investigate something you always need to know who is this user, what department are they in, what is their SAM acct, their phone, their email, the last time their password was changed, etc.