| makeresults | eval _raw="2021-03-17T11:08:26,399 INFO [00000018] :dikpater@nowhere - 3 PROC SQL NOEXEC;
2021-03-17T11:08:26,400 INFO [00000018] :dikpater@nowhere - 4 SELECT t1.ID,
2021-03-17T11:08:26,401 INFO [00000018] :dikpater@nowhere - 5 t1.KOLOM1,
2021-03-17T11:08:26,402 INFO [00000018] :dikpater@nowhere - 6 t1.KOLOM2,
2021-03-17T11:08:26,403 INFO [00000018] :dikpater@nowhere - 7 FROM mytable t1;
2021-03-17T11:08:26,404 INFO [00000018] :dikpater@nowhere - 8 RUN;"
| multikv noheader=t
| fields - Column_1


| eval _time=strptime(_raw,"%Y-%m-%dT%H:%M:%S,%Q")

| sort - _time
| transaction startswith="PROC SQL" endswith="RUN" mvraw=t

The first part sets up dummy data in line with your example

The second part may or may not be needed if you already have _time extracted as an epoch time

The transaction command needs event sorted in descending _time order

I used mvraw=t which may or may not be required depending on how you want to proceed