Currently Splunk extracting timestamp from field "event_sec". Field event_sec missing sub-seconds, it only contains epoch time for date and time without milliseconds. Same raw event contains another field "event_usec", or "packet_usec" with milliseconds values.

Is it possible to concatenate field values from event_sec, and event_usec, packet_usec to extract timestamp with sub seconds?
Example: event_sec.event_usec (1523526586.184699) at index time
Fields event_usec, packet_usec contains milliseconds time, event will contains either of the fields or sometimes only event_sec will exist.

Sample event 1:
rec_type=2 event_id=12778 event_sec=1523526586 link_type=1 packet=0025b packet_len=5 packet_sec=1523526586 event_usec=184699 rec_type_desc="Packet Data" rec_type_simple=PACKET sensor=hostname

Sample event 2:
rec_type=2 event_id=12778 event_sec=1523526586 link_type=1 packet=0025b packet_len=5 packet_sec=1523526586 packet_usec=184699 rec_type_desc="Packet Data" rec_type_simple=PACKET sensor=hostname

Sample event 3:
rec_type=2 event_id=12778 event_sec=1523526586 link_type=1 packet=0025b packet_len=5 packet_sec=1523526586 rec_type_desc="Packet Data" rec_type_simple=PACKET sensor=hostname

Present index time _time field extraction: 4/12/18 4:49:46.000 AM
Required index time _time field extraction: 4/12/18 4:49:46.184 AM

I can achieve same results via search time field extraction, but I would need it from index time itself. Please help.

Existing props.conf

[source::eStreamer]
SHOULD_LINEMERGE = false
TRUNCATE = 0
TIME_PREFIX = event_sec=