Answer:

I believe the answer is outputnew.
The main difference between the output new and the output is that outputnew won't overwrite the already existing description field.
If you don't put this clause, Splunk would add all the field names and values to your events through the lookup.

To keep from overwriting existing fields with your Lookup you can use the outputnew clause.

The Output commands include output new, output name, output activate, etc. They help to provide the capacity to programmatically manage one or many output documents.

The Output New command is known to produce a new output document, which is therefore used as the designated output document. Thereafter, procedure output is aimed at the new output document until the document is closed or another output document is made, opened, or activated.

The created output document which is the new one is provided with a unique name.

Conclusively, the basic specification for Output New is that of the command name.

Learn more from

https://brainly.com/question/13866798
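The difference between leaving the clause out, using OUTPUT, and using OUTPUTNEW on a lookup can be seen in a small model. This is an added example, not part of the answer above and not Splunk code; the lookup table, the events, the `severity` field and the function name `lookup` are constructed for illustration, and the handling of events with no matching row is an assumption.

```python
# Simplified model of the Splunk lookup output clauses (illustration only).
# Constructed lookup table, keyed on the match field "status".
LOOKUP = {
    "404": {"description": "Not Found", "severity": "low"},
    "500": {"description": "Internal Server Error", "severity": "high"},
}

# Constructed events: the first already carries a description field.
EVENTS = [
    {"status": "404", "description": "custom: page missing"},
    {"status": "500"},
]


def lookup(events, match_field, mode=None, out_fields=None):
    """Apply LOOKUP to events.

    mode=None        -> no clause: every lookup field is added to the event
    mode="OUTPUT"    -> only out_fields are added, overwriting existing values
    mode="OUTPUTNEW" -> only out_fields are added, existing values are kept
    """
    results = []
    for event in events:
        event = dict(event)  # work on a copy, leave the input untouched
        row = LOOKUP.get(event.get(match_field))
        if row is None:
            # Assumption of this model: events without a matching row
            # pass through unchanged.
            results.append(event)
            continue
        fields = list(row) if mode is None else out_fields
        for name in fields:
            # OUTPUTNEW skips a field the event already has
            # (decided per field in this model).
            if mode == "OUTPUTNEW" and name in event:
                continue
            event[name] = row[name]
        results.append(event)
    return results


if __name__ == "__main__":
    for mode, fields in ((None, None), ("OUTPUT", ["description"]),
                         ("OUTPUTNEW", ["description"])):
        print(mode, lookup(EVENTS, "status", mode, fields))
```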
