Please see the below events timestamp with _raw time stamp it seems like _raw time stamp assigning minutes as HRS and seconds as minutes to _time event time stamp.
_time _raw
2017-10-10T16:09:00.000-0400 [10/10/2017 9:16:09] insert into #temp_ord_version values ( *****, ******, 169, 169 )
2017-10-10T16:09:00.000-0400 [10/10/2017 9:16:09] insert into #temp_ord_version values ( *****, ****, 18, 18 )
2017-10-10T16:09:00.000-0400 [10/10/2017 9:16:09] insert into #temp_ord_version values ( *****, *****, 20, 20 )
_time time stamp -> 2017-10-10T16:09:00.000-0400 -> minutes as HRS and seconds as minutes to _time event time stamp from _raw
_raw time stamp -> [10/10/2017 9:16:09]
↧