Reporting

What does outputcsv add to

jessieb_83
Explorer

Trying to figure out what gets added upon running OUTPUTCSV vs manually exporting to CSV and how to remove it.

We run a weekly audit I'd like to automate and then run a script to zip the resulting file.

I did some experimenting and found that using outputcsv or outputlookup instead of exporting manually is almost tripling the file size of the output, from 300 Mb to 1.11 Gb.

Exact same search criteria, the exact same time range, returning the exact same number of results.

I also checked https://docs.splunk.com/Documentation/Splunk/8.0.5/SearchReference/Outputcsv and removed the internal fields it listed as being added.

Any insight here would be great!

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

REGISTER NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more ...

Security Highlights | November 2022 Newsletter

 November 2022 2022 Gartner Magic Quadrant for SIEM: Splunk Named a Leader for the 9th Year in a RowSplunk is ...

Platform Highlights | November 2022 Newsletter

 November 2022 Skill Up on Splunk with our New Builder Tech Talk SeriesCan you build it? Yes you can! *play ...