diff --git a/elastic/security/templates/component/track-shared-logsdb-mode.json b/elastic/security/templates/component/track-shared-logsdb-mode.json
index fc100208..1f686086 100644
--- a/elastic/security/templates/component/track-shared-logsdb-mode.json
+++ b/elastic/security/templates/component/track-shared-logsdb-mode.json
@@ -1,11 +1,14 @@
 {
- "template": {
- "settings": {
- {% if index_mode %}
- "index": {
- "mode": {{ index_mode | tojson }}
+ "template": {
+ "settings": {
+ {% if index_mode %}
+ "index": {
+ "mode": {{ index_mode | tojson }},
+ "sort.field": [ "host.hostname", "@timestamp" ],
+ "sort.order": [ "asc", "desc" ],
+ "sort.missing": ["_first", "_last"]
+ }
+ {% endif %}
 }
- {% endif %}
 }
 }
-}
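Review bot: The three `sort.*` keys sit inside the existing `{% if index_mode %}` block, so they are emitted for any non-empty `index_mode`, not only for the logsdb mode the file name refers to; if the track can be run with another mode, a sort on `host.hostname` may be rejected or unwanted there. Index sorting also needs both sort fields to be mapped when the index is created, and this component template carries settings only, so it presumably relies on another template to map `host.hostname`; that is worth confirming for every data stream that composes this template. Consider guarding the sort keys with a nested `{% if index_mode == "logsdb" %}`, moving the comma after `"mode"` inside that guard. The bracket spacing also differs between `[ "asc", "desc" ]` and `["_first", "_last"]`.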