Hi Azmath,

What exactly are you looking with this time format?

Below is to query convert your time to epoch:

|stats c|eval urtime="2017-02-03T05:54:20.022Z"|eval desiredtimeepoch=strptime(urtime,"%Y-%m-%dT%H:%M:%S.%3N%Z")|table desiredtimeepoch

If you are looking to format the time you can use this query and do modifications as per your requirement:

|stats c|eval urtime="2017-02-03T05:54:20.022Z"|eval desiredtimeepoch=strptime(urtime,"%Y-%m-%dT%H:%M:%S.%3N%Z")|eval formattedtime=strftime(desiredtimeepoch,"%Y%m%d")|table desiredtimeepoch,formattedtime