Please tell me how to make the output replace some characters in the field definitions.

Specifically, the problem is that the following two formats of Mac Address in multiple logs imported into Splunk are mixed.
AA:BB:CC:00:11:22
AA-BB-CC-00-11-22
I would like to unify the MacAddress field in the log in the form of “AA:BB:CC:00:11:22” in advance, because I would like to link the host name from MacAddress in the automatic definition of LookUpTable.

Put the following in the search field and output the modified one as “MacAddr”,
index=“Log” | rex ^. +? \scli\s}? <CL_MacAddr>. +? (. +?)) \) | eval MacAddr = replace(CL_MacAddr,“-”,“:”)

Alternatively, we could replace the existing field “CL_MacAddr” with a modified version as follows.
index=“Log” | rex mode=sed field=“CL_MacAddr” “s/-/:/g”

I am trying to set this in the GUI's field extraction and field transformation to always have the modified superscript, but it does not work.
Or can it be set directly in transforms.conf, but in this case, what values can be set and where?

I know this is basic, but I would appreciate your help.
Thank you in advance.