All,
I am attempting to generate my asset list from our asset_discover system via this search -
sourcetype="assets:linux" index=asset_discovery |
dedup host |
table ip,mac,nt_host,dns,owner,priority,lat,long,city,country,bunit,category,pci_domain,is_expected,should_timesync,should_update,requires_av |
outputcsv assets
From there my plan was to have a job move assets over to the correct location nightly. However the CSV that is generated is creating a CSV header which has field names in quotes, while the official app does not. Is there a trick to this?
e.g. My search generates this, note the quotes that I have no idea where they came from.
ip,mac,"nt_host",dns,owner,priority,lat,long,city,country,bunit,category,"pci_domain","is_expected","should_timesync","should_update","requires_av"
here is the official app -
ip,mac,nt_host,dns,owner,priority,lat,long,city,country,bunit,category,pci_domain,is_expected,should_timesync,should_update,requires_av
I tried the trim command, but that appending the `“` seems to happen after the search process. Anything I can do to make this go away? I am thinking I am gonna script the fix in bash, but I feel like I shouldn’t have to.
↧