I am having a problem with the csv-parser.  I expect the parser to not include the single quotes in the MACRO (column). 

It does not include the single quotes for the first column (id) but they are included for every column after the first one.

Relevent details below:

parser p_apistats     { db-parser(file("/etc/syslog-ng/apilogs.xml"));};

parser p_apistats returns ${VALUES} = 'b8144eea3646a7bc47169e0b9cc5f575', '555.55.55.555', 'web07.myhost.com'

parser p_apistatscsv {

        csv-parser(columns(id, ip, host)

        delimiters(",")

        flags(greedy,strip-whitespace)

        template("${VALUES}"));

        };

destination d_test { file("/var/log/splunk/$HOST" template("{  \"id\" : \"${id}\" \"ip\" : \"${ip}\" \"host\" : \"${host}\" }\n")); };

log { source(s_remote); parser(p_apistats); parser(p_apistatscsv); destination(d_test); };

Results:

{ "id" : "b8144eea3646a7bc47169e0b9cc5f575" "ip" : "'555.55.55.555'" "host" : "'web07.myhost.com'" }