Need some help in understanding how the _time, timestamp default fields are extracted. Raw event as mentioned below and the field values extracted for respective event is as mentioned below. As can clearly be seen  I dont see anything that could relate to the value extracted in _time field. Any pointer related to this would be much helpful.

Fields extracted:

@timestamp                                                    |      _time                             |  timestamp
2020-06-22T15:17:34.892576+00:00 | 2020-06-17 17:54:50 | 2020-06-23 01:17:34.888

Raw event:

=========

{"docker":{"container_id":"c0cb3bd3563f5f01133bcc496479b77b6c72bf898f24612ad7634b50a1749301"},"test":{"container_name":"anything","namespace_name":"test10-project","pod_name":"anything-1-w44fj","pod_id":"9289218b-b1cc-11ea-abcd-005056a44ead","labels":{"app":"anything","deployment":"anything-1","deploymentconfig":"anything"},"host":"ost-clb-osp-app-c02.linux.ostravam.corp.telstra.com","master_url":"https://test.default.svc.cluster.local","namespace_id":"0fbe0d11-cade-11e9-a562-005056a44ead"},"mess... 01:17:34.888 DEBUG --- [nio-8090-exec-5] o.s.web.servlet.DispatcherServlet : GET \"/healthcheck\", parameters={}\n","level":"info","hostname":"xxxxxxxxxxxxx","pipeline_metadata":{"collector":{"ipaddr4":"10.130.5.172","ipaddr6":"fe80::823:d3ff:fe3f:bf2d","inputname":"fluent-plugin-systemd","name":"fluentd","received_at":"2020-06-22T15:17:35.076698+00:00","version":"0.12.43 1.6.0"}},"@timestamp":"2020-06-22T15:17:34.892576+00:00","viaq_index_name":"project.test10-project.0fbe0d11-cade-11e9-a562-005056a44ead.2020.06.22","viaq_msg_id":"YzY0NWI1ZGItMjc5Ni00YWI2LWI4OWUtMWZkODU1NTRlNjdj","forwarded_by":"standalone-fluentd-splunk.openshift-logging.svc.cluster.local","source_component":"testsource"}