I have a pretty weird question. I have a query that I have saved and is emailing out nightly. In the query I have used the 'fields' option to lay out the report in the order I want. When I get my nightly report with .csv attached the fields are not in the correct order, but if I click the link in the email (or go to the saved search in the Web UI) they are in the correct order.

My query is listed below for reference but this is happening with several queries.

Name: 'Service Calls by Time' 

Query Terms: 'index=app-myapp sourcetype="AccessLog" ServiceName="*" | stats count, avg(ResponseTime) as AverageResposeTime, min(ResponseTime) as MinResponsetime, max(ResponseTime) as MaxResponsetime, stdev(ResponseTime) as STDDevResponseTime by ServiceName, AccessLogsHTTPResposeCode | eventstats sum(count) as total_hits by ServiceName| eval percent_errors=(100 - (count/total_hits)*100) | eval server_errors(500s)=(total_hits-count) | eval success=(count) | where AccessLogsHTTPResposeCode=200| fields ServiceName, success, server_errors(500s), percent_errors, total_hits, AverageResposeTime,MinResponsetime, MaxResponsetime,STDDevResponseTime | sort - total_hits'

from last nights .csv the output fields are in the following order

success, MaxResponsetime, ServiceName, server_errors(500s), percent_errors, AverageResposeTime, STDDevResponseTime, MinResponsetime, total_hits

Also in writing this question I went back and reviewwed the past 7 days worth or reports and the fields seem to be consistent in how they are wrong.

But if I run interactively they look fine.

Brian