Hi, by specifying OUTPUT as part of your lookup command, it will overwrite fields in your results with the value from the lookup if the fields match, e.g.:
sourcetype=access_* | stats count by status | lookup status_desc status OUTPUT description
In this example, any previous description field will be overwritten.
However, if the field in your event is called myDescription then you would use:
sourcetype=access_* | stats count by status | lookup status_desc status OUTPUT description AS myDescription
I hope this helps.