My search is

sourcetype="LOG" "TXN.ID" | streamstats range(_time) as ElapsedTime by TransactionID | table _time ElapsedTime TransactionID

result is

_time ElapsedTime TransactionID
7/19/12 11:49:54.052 AM 0.000000 f445acb8-4e1a-45c3-b059-dd3ef9eb7c41 Txn Complete: 410369998 11:49:53 19 JUL 2012 ACCOUNT
7/19/12 11:49:53.902 AM 0.000000 f445acb8-4e1a-45c3-b059-dd3ef9eb7c41

7/19/12 11:49:53.650 AM 0.000000 5da309ed-8944-40b3-a72d-45353a792d15 Txn Complete: 410369982 11:49:53 19 JUL 2012 ACCOUNT
7/19/12 11:49:52.784 AM 0.000000 5da309ed-8944-40b3-a72d-45353a792d15

_raw field

I0719 11:49:54.052211 7423 log_c.cpp:42] [manoj] [DEMOTEST9-] [TXN.ID] TRANSACTION_END TransactionID=f445acb8-4e1a-45c3-b059-dd3ef9eb7c41 Txn Complete: 410369998 11:49:53 19 JUL 2012 ACCOUNT, I

I0719 11:49:52.051244 7423 log_c.cpp:32] [manoj] [DEMOTEST9-] [TXN.ID] TRANSACTION_BEGIN TransactionID=f445acb8-4e1a-45c3-b059-dd3ef9eb7c41

Why TransactionID field not terminating after space?