_time is usually stored as number of second since start of epoch in utc - all span does is that the time value back to the start of the current time bucket (still in utc). When you display the time it is local format, hence the half hour boundary differences in your case. You could try displaying your times in utc or potentially make the adjustment when the events are indexed or petition your government to change their time zone settings so they align with hours rather than half past or move 😀 ... View more