Thanks @diogofgm you got me started down the correct path. With a little tweeking, here is what worked for me. | eval body.timestamp=strptime('body.timestamp',"%Y-%m-%dT%H:%M:%S.%7NZ")
| convert timeformat="%Y-%m-%d %H:%M:%S" ctime(body.timestamp) as timestamp2
... View more