From b7591093cfbc0ba74ee95a6dbcc3705860496f9f Mon Sep 17 00:00:00 2001
From: Rob Waight <43173714+rwaight@users.noreply.github.com>
Date: Sat, 4 Sep 2021 09:45:03 -0400
Subject: [PATCH] Add index sorting to so-common-template.json

Add index sorting to so-common-template.json
---
 salt/elasticsearch/templates/so/so-common-template.json | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/salt/elasticsearch/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json
index 777bf3f53..c9772b5db 100644
--- a/salt/elasticsearch/templates/so/so-common-template.json
+++ b/salt/elasticsearch/templates/so/so-common-template.json
@@ -8,6 +8,8 @@
     "index.refresh_interval":"30s",
     "index.routing.allocation.require.box_type":"hot",
     "index.mapping.total_fields.limit": "1500",
+    "index.sort.field": "@timestamp",
+    "index.sort.order": "desc",
     "analysis": {
       "analyzer": {
         "es_security_analyzer": {