What does outputcsv add to

Reporting

Trying to figure out what gets added upon running OUTPUTCSV vs manually exporting to CSV and how to remove it.

We run a weekly audit I'd like to automate and then run a script to zip the resulting file.

I did some experimenting and found that using outputcsv or outputlookup instead of exporting manually is almost tripling the file size of the output, from 300 Mb to 1.11 Gb.

Exact same search criteria, the exact same time range, returning the exact same number of results.

I also checked https://docs.splunk.com/Documentation/Splunk/8.0.5/SearchReference/Outputcsv and removed the internal fields it listed as being added.

Any insight here would be great!

Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now! In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...