diff --git a/elastic/security/templates/component/track-shared-logsdb-mode.json b/elastic/security/templates/component/track-shared-logsdb-mode.json
index adc476be..95f598f4 100644
--- a/elastic/security/templates/component/track-shared-logsdb-mode.json
+++ b/elastic/security/templates/component/track-shared-logsdb-mode.json
@@ -9,7 +9,7 @@
                 "synthetic_source_keep": "{{ synthetic_source_keep }}"
             },
             {% endif %}
-            "sort.field": [ "host.hostname", "@timestamp" ],
+            "sort.field": [ "host.id", "@timestamp" ],
             "sort.order": [ "asc", "desc" ],
             "sort.missing": ["_first", "_last"]
         }