How splunk will decide for date/time in _time field?

I am getting strange date/time.

In first event I don't have any date/time information splunk will use event generate date time.

In second event I have several date/time field splunk pickup date from one of the field and for time it is using event generate time.

Is it right behavior?
If I want educate to splunk on specific date/time based on the eventtype, What should I do?