TransactionEndTime=2017-02-20T05:11:16.255-05:00;
TransactionStartTime=2017-02-20T05:11:16.216-05:00;
Use the strptime()
function in the eval
command with the appropriate date and time variables to convert, something like %FT%T.%3N%Z
.
http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Eval
http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/CommonEvalFunctions
http://docs.splunk.com/Documentation/Splunk/6.5.2/SearchReference/Commontimeformatvariables