Splunk Enterprise 7.2.0

I have my query:

index="_itrospection" component ="hostwide" | timechart max(data.mem.mem_used) as Current by splunk_server

In the legend I see the splunk_server descriptions based on hostnames.

I created lookup indexers.csv:
indexer,site
hostname1,Site-1
hostname2,Site-2

How can I use lookup to replace splunk_server fields by lookup field site?