I've written a search that charts data into a table. The query extracts run times greater than 25% over its calculated average value from the past 60 days. However, when I run the search, the run_time values are not lining up with the start_time values in the raw events. I'm probably missing something very simple, but I have been looking at this for so long. I figured maybe someone could pick up what I am doing wrong pretty quickly.

The start_time and run_time values don't line up correctly with the _raw data in the events.

index=foo sourcetype=bar  firm_number="24" 
| strcat firm_name " - Firm Number:  " firm_number AS Firm 
| bin _time span=60d 
| eventstats avg(duration_minutes) as avg_time by Firm
| eval perc_of_change=round(((duration_minutes-avg_time)/duration_minutes)*100,2) 
| where perc_of_change > 25 
| stats values(duration_minutes) as run_time values(start_time) as start_time first(avg_time) as avg_time by Firm
| fields - _time