diff --git a/src/afterfact.rs b/src/afterfact.rs
index d0bca5eb..4041c363 100644
--- a/src/afterfact.rs
+++ b/src/afterfact.rs
@@ -295,7 +295,7 @@ fn emit_csv<W: std::io::Write>(
                 // csv output format
                 wtr.serialize(CsvFormat {
                     timestamp: &time_str,
-                    level: &level,
+                    level: level_abbr.get(&level).unwrap_or(&level).trim(),
                     computer: &detect_info.computername,
                     event_i_d: &detect_info.eventid,
                     channel: &detect_info.channel,