From cec5e04cbff7eb8f5abf58fe159e8936cc00c2e1 Mon Sep 17 00:00:00 2001
From: Florent Le Borgne <florent.leborgne@elastic.co>
Date: Fri, 3 Oct 2025 16:02:46 +0200
Subject: [PATCH 1/3] [ES|QL] Docs for lookup join UX improvements in Kibana
 and support for remote lookup indices

---
 explore-analyze/discover/try-esql.md          | 57 +++++++++++++++++++
 .../query-filter/languages/esql-kibana.md     |  3 +
 2 files changed, 60 insertions(+)

diff --git a/explore-analyze/discover/try-esql.md b/explore-analyze/discover/try-esql.md
index e52e76b621..7984da2cf2 100644
--- a/explore-analyze/discover/try-esql.md
+++ b/explore-analyze/discover/try-esql.md
@@ -130,3 +130,60 @@ FROM kibana_sample_data_ecommerce
 :alt: ESQL query with a custom time field enabled
 :::
 
+### Create and edit lookup indices from LOOKUP JOINs commands [discover-esql-lookup-join]
+```{applies_to}
+stack: preview 9.2
+serverless: preview
+```
+
+In **Discover**, LOOKUP JOIN commands include interactive options that let you create or edit lookup indices directly from the editor.
+
+#### Create a lookup index from the editor
+
+You can create a lookup index directly from the ES|QL editor. To populate this index, you can type in data manually or upload a CSV file up to 500 MB.
+
+To create lookup indices, you need the [`create_index`](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) {{es}} privilege on the corresponding pattern.
+
+1. In your {{esql}} query, add a `LOOKUP JOIN` command. For example:
+   ```esql
+   FROM kibana_sample_data_logs
+   | LOOKUP JOIN
+   ```
+   Add a space after the command. The editor suggests existing lookup indices and offers to create one. You can also type an index name in your query. If it doesn't exist, the editor suggests to create it.
+
+2. Select the **Create lookup index** suggestion that appears in the autocomplete menu.
+
+3. Define a name for the lookup index, then validate it. 
+   - It must not contain spaces nor any of the following characters: `\`, `/`, `*`, `?`, `<`, `>`, `|`, `:`, and `#`.
+   - It must not start with `-`, `_`, or `+`.
+
+4. Provide the data of the lookup index. You can choose between:
+   - **Uploading a CSV file up to 500 MB**. When uploading a file, you can preview the data and inspect the file's content before it is imported. If possible issues are detected, a **File issues** tab with more details also appears before you validate the import.
+   - **Adding data manually**. To do that, you can add rows and columns, and edit cells directly.
+   - **Using a combination of both methods**. You can upload a file after adding data manually, and edit or expand data imported from a file.
+
+   :::{tip}
+   You can explore your index using the search field, or in a new Discover session by selecting **Open in Discover**. If you choose to open it in Discover, a new browser tab opens with a prefilled {{esql}} query on the index.
+   :::
+
+5. **Save** any unsaved changes, then **Close** the index editor to return to your query.
+
+Your new index is automatically added to your query. You can then specify the field to join using `ON <field_to_join`.
+
+#### View or edit a lookup index from the editor
+
+You can view and modify existing lookup indices referenced in an {{esql}} query directly from the editor, depending on your privileges:
+- To edit lookup indices, you need the [`write`](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) {{es}} privilege.
+- To view lookup indices in read-only mode, you need the [`view_index_metadata`](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) {{es}} privilege.
+
+1. In the {{esql}} query, hover over the lookup index name.
+
+2. Select the **Edit lookup index** or **View lookup index** option that appears. A flyout showing the index appears.
+
+3. Depending on your permissions and needs, explore or edit the index.
+
+   :::{note}
+   Editing a lookup index affects all {{esql}} queries that reference it. Make sure that your changes are compatible with existing queries that use this index.
+   :::
+
+4. If you made changes, select **Save** before closing the flyout.
\ No newline at end of file
diff --git a/explore-analyze/query-filter/languages/esql-kibana.md b/explore-analyze/query-filter/languages/esql-kibana.md
index 195e3e9f41..b97de30273 100644
--- a/explore-analyze/query-filter/languages/esql-kibana.md
+++ b/explore-analyze/query-filter/languages/esql-kibana.md
@@ -228,8 +228,11 @@ FROM kibana_sample_data_logs
 
 The ES|QL editor supports [`LOOKUP JOIN`](elasticsearch://reference/query-languages/esql/commands/processing-commands.md#esql-lookup-join) commands and suggests lookup mode indices and join condition fields.
 
+{applies_to}`stack: ga 9.2` You can also use lookup indices from your remote clusters.
+
 ![Using the LOOKUP JOIN command to autocomplete an ES|QL query](https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte43a30a93241d650/67c23670045f5839e5bfd1e4/lookup-join-demo.gif)
 
+In **Discover**, LOOKUP JOIN commands let you create or edit lookup indices directly from the editor. Find more information in [](/explore-analyze/discover/try-esql.md#discover-esql-lookup-join).
 
 ### Keyboard shortcuts
 

From f3d59b41f8971a678eda73e7d000aae1e0519518 Mon Sep 17 00:00:00 2001
From: Florent Le Borgne <florent.leborgne@elastic.co>
Date: Fri, 3 Oct 2025 16:13:32 +0200
Subject: [PATCH 2/3] small edits

---
 explore-analyze/discover/try-esql.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/explore-analyze/discover/try-esql.md b/explore-analyze/discover/try-esql.md
index 7984da2cf2..bfad9db325 100644
--- a/explore-analyze/discover/try-esql.md
+++ b/explore-analyze/discover/try-esql.md
@@ -158,7 +158,7 @@ To create lookup indices, you need the [`create_index`](elasticsearch://referenc
    - It must not start with `-`, `_`, or `+`.
 
 4. Provide the data of the lookup index. You can choose between:
-   - **Uploading a CSV file up to 500 MB**. When uploading a file, you can preview the data and inspect the file's content before it is imported. If possible issues are detected, a **File issues** tab with more details also appears before you validate the import.
+   - **Uploading a CSV file up to 500 MB**. When uploading a file, you can preview the data and inspect the file's content before it is imported. If issues are detected, a **File issues** tab with more details also appears before you validate the import.
    - **Adding data manually**. To do that, you can add rows and columns, and edit cells directly.
    - **Using a combination of both methods**. You can upload a file after adding data manually, and edit or expand data imported from a file.
 
@@ -168,7 +168,7 @@ To create lookup indices, you need the [`create_index`](elasticsearch://referenc
 
 5. **Save** any unsaved changes, then **Close** the index editor to return to your query.
 
-Your new index is automatically added to your query. You can then specify the field to join using `ON <field_to_join`.
+Your new index is automatically added to your query. You can then specify the field to join using `ON <field_to_join>`.
 
 #### View or edit a lookup index from the editor
 
@@ -176,6 +176,8 @@ You can view and modify existing lookup indices referenced in an {{esql}} query
 - To edit lookup indices, you need the [`write`](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) {{es}} privilege.
 - To view lookup indices in read-only mode, you need the [`view_index_metadata`](elasticsearch://reference/elasticsearch/security-privileges.md#privileges-list-indices) {{es}} privilege.
 
+To view or edit an index:
+
 1. In the {{esql}} query, hover over the lookup index name.
 
 2. Select the **Edit lookup index** or **View lookup index** option that appears. A flyout showing the index appears.

From 1e5a8efa966b410b8ca015ff8bd2de32069a44c6 Mon Sep 17 00:00:00 2001
From: florent-leborgne <florent.leborgne@elastic.co>
Date: Fri, 3 Oct 2025 16:52:12 +0200
Subject: [PATCH 3/3] Update explore-analyze/discover/try-esql.md

---
 explore-analyze/discover/try-esql.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/explore-analyze/discover/try-esql.md b/explore-analyze/discover/try-esql.md
index bfad9db325..f5aff2ee09 100644
--- a/explore-analyze/discover/try-esql.md
+++ b/explore-analyze/discover/try-esql.md
@@ -130,7 +130,7 @@ FROM kibana_sample_data_ecommerce
 :alt: ESQL query with a custom time field enabled
 :::
 
-### Create and edit lookup indices from LOOKUP JOINs commands [discover-esql-lookup-join]
+### Create and edit lookup indices from queries [discover-esql-lookup-join]
 ```{applies_to}
 stack: preview 9.2
 serverless: preview