I have inserted the csv file into the splunk starting data from "2016-11-09 00:00:00" and ending data has date "2017-02-09 06:00:00".
I tried to use
Command
| inputlookup "Thread_Count"
| eval _time= strptime('_time',"%Y-%m-%dT%H:%M:%S")
| rename Thread_Prediction as Y
| timechart span=30m avg(Y) as Y
then Starting date coming as 2016-11-09 00:00:00 and ending date coming as "2017-02-09 06:00:00" which sounds good to me as expected.

but when i try to use this command
| inputlookup "Thread_Count"
| eval _time= strptime('_time',"%Y-%m-%dT%H:%M:%S")
| rename Thread_Prediction as Y
| timechart span=60m avg(Y) as Y

By just changing the span to 60 min starting date is coming as 2016-11-08 23:30:00(which is not even present in csv) and ending date as 2017-02-09 05:30:00.
Also in my csv file there is no row as 2016-11-08 as all the data is starting from 2016-11-09.

I need my search to be like that for 30 min span i want it to end as 2017-02-09 05:30:00-->2017-02-09 06:00:00 which is coming and for 60min span it should be 2017-02-09 05:00:00 -->2017-02-09 06:00:00 and then 7 rather than 2017-02-09 05:30:00--06:30.

I am using Splunk 6.5.1 instance