i have to calculate the average in a stream manner between "reqestTimestamp" to "requestTimestamp" for a given user, but I am not sure if streamstats look for that times and sort them in beforehand, it seems is mixing arrival times with this specified time, as I am getting negative values.
woodcock has given you code to pull the timestamp, and suggested the use of delta rather than streamstats for calculating the time difference. Delta is a great tool, but it needs to be enhanced with a "by field" option, to make this kind of thing easier.
Since you are calculating this on a PER USER basis, in a single search, delta is probably too much trouble to work with. Instead, use ...
| streamstats avg(requestTimestamp) as avgTimestamp by user window=2
| eval deltaTimestamp = 2*( requestTimestamp -avgTimestamp)
And, before you do the above, you need to convert the timestamp and sort the file by user/timestamp to handle your record order issue..