It's interesting that /opt/splunk/etc/datetime.xml shows -

<define name="_time" extract="hour, minute, second, subsecond, ampm, zone">
       <text><![CDATA[(?<!\d)]]></text>
        <use name="_hour"/>
        <text><![CDATA[:]]></text>
        <use name="_minute"/>
        <text><![CDATA[:]]></text>
        <use name="_second"/>
        <text><![CDATA[(?:(?: \d{4})?[:,\.](\d+))? {0,2}]]></text>
        <use name="_ampm"/>
        <text><![CDATA[ {0,2}]]></text>
        <use name="_zone"/>
        <text><![CDATA[(?!:\d)]]></text>
</define>

Meaning, Splunk can understand the rather unusual time format.