Apply suggestions from code review

Co-authored-by: Liam Thompson <[email protected]>

Author: georgewallace

docs/reference/query-languages/esql/esql-commands.md

@@ -665,7 +665,7 @@ FROM employees
 
 ## `LOOKUP JOIN` [esql-lookup-join]
 
-`LOOKUP JOIN` is useful for any scenario where you need to pull in information from a lookup index to streamline data enrichment and analysis.
+`LOOKUP JOIN` enables you to add data from another index, AKA a 'lookup' index, to your {esql} query results, simplifying data enrichment and analysis workflows.
 
 **Syntax**
 
@@ -681,7 +681,10 @@ TBD
 
 **Description**
 
-TBD
+The `LOOKUP JOIN` command adds new columns to your {esql} query results table by finding documents in a lookup index that share the same join field value as your result rows.
+
+For each row in your results table that matches a document in the lookup index based on the join field, all fields from the matching document are added as new columns to that row.
+If multiple documents in the lookup index match a single row in your results, the output will contain one row for each matching combination.
 
 **Examples**
 

docs/reference/query-languages/esql/esql-enrich-data.md

@@ -15,7 +15,7 @@ For example, you can use `ENRICH` to:
 * Add product information to retail orders based on product IDs
 * Supplement contact information based on an email address
 
-[`ENRICH`](/reference/query-languages/esql/esql-commands.md#esql-enrich) is similar to [`LOOKUP join`](/reference/query-languages/esql/esql-commands.md#esql-lookup-join) in the fact that they both help you join data together. You should use `ENRICH` when:
+[`ENRICH`](/reference/query-languages/esql/esql-commands.md#esql-enrich) is similar to [`LOOKUP join`](/reference/query-languages/esql/esql-commands.md#esql-lookup-join) as both commands allow you to combine data from different sources. You should use `ENRICH` when:
 
 * Enrichment data doesn't change frequently
 * You can accept index-time overhead

docs/reference/query-languages/esql/esql-lookup-join.md

@@ -10,7 +10,7 @@ The {{esql}} [`LOOKUP join`](/reference/query-languages/esql/esql-commands.md#es
 
 For example, you can use `LOOKUP JOIN` to:
 
-* Pull in environment or ownership details for each host to correlate your metrics data.
+* Retrieve environment or ownership details for each host to correlate your metrics data.
 * Quickly see if any source IPs match known malicious addresses.
 * Tag logs with the owning team or escalation info for faster triage and incident response.
 
@@ -96,7 +96,7 @@ The following are the current limitations with `LOOKUP JOIN`
 
 * `LOOKUP JOIN` will be sucessfull if both left and right type of the join are both `KEYWORD` types or if the left type is of `TEXT` and the right type is `KEYWORD`.
 * Indices in [lookup](/reference/elasticsearch/index-settings/index-modules.md#index-mode-setting) mode are always single-sharded.
-* Cross cluster search is unsupported. Both source and lookup indicies must be local.
+* Cross cluster search is unsupported. Both source and lookup indices must be local.
 * `LOOKUP JOIN` can only use a single match field, and can only use a single index. Wildcards, aliases, datemath, and datastreams are not supported.
 * The name of the match field in `LOOKUP JOIN lu_idx ON match_field` must match an existing field in the query. This may require renames or evals to achieve.
 * The query will circuit break if many documents from the lookup index have the same key. A large heap is needed to manage results of multiple megabytes per key.