
[BUG] rule.level not sortable #483

Closed
Orgoth opened this issue Jan 14, 2025 · 3 comments
Labels: reporter/community (Issue reported by the community)

@Orgoth

Orgoth commented Jan 14, 2025

Describe the bug

/app/threat-hunting#/overview/?tab=general&tabView=events
It is not possible to sort by rule.level, regardless of the configuration, the sorting is not applied.

To Reproduce
Steps to reproduce the behavior:

  1. /app/threat-hunting#/overview/?tab=general&tabView=events
  2. Click on arrow down on the rule.level table/column header
  3. Sort A-Z or Sort Z-A
  4. nothing changes

```json
{
  "params": {
    "index": "wazuh-alerts-*",
    "body": {
      "sort": [
        {
          "timestamp": {
            "order": "desc",
            "unmapped_type": "boolean"
          }
        },
        {
          "rule.level": {
            "order": "asc",
            "unmapped_type": "boolean"
          }
        }
      ],
      "size": 15,
      "from": 0,
      "stored_fields": [
        "*"
      ],
      "script_fields": {},
      "docvalue_fields": [
        {
          "field": "data.aws.createdAt",
          "format": "date_time"
        },
        {
          "field": "data.aws.end",
          "format": "date_time"
        },
        {
          "field": "data.aws.resource.instanceDetails.launchTime",
          "format": "date_time"
        },
        {
          "field": "data.aws.service.eventFirstSeen",
          "format": "date_time"
        },
        {
          "field": "data.aws.service.eventLastSeen",
          "format": "date_time"
        },
        {
          "field": "data.aws.start",
          "format": "date_time"
        },
        {
          "field": "data.aws.updatedAt",
          "format": "date_time"
        },
        {
          "field": "data.ms-graph.createdDateTime",
          "format": "date_time"
        },
        {
          "field": "data.ms-graph.firstActivityDateTime",
          "format": "date_time"
        },
        {
          "field": "data.ms-graph.lastActivityDateTime",
          "format": "date_time"
        },
        {
          "field": "data.ms-graph.lastUpdateDateTime",
          "format": "date_time"
        },
        {
          "field": "data.ms-graph.resolvedDateTime",
          "format": "date_time"
        },
        {
          "field": "data.timestamp",
          "format": "date_time"
        },
        {
          "field": "data.vulnerability.published",
          "format": "date_time"
        },
        {
          "field": "data.vulnerability.updated",
          "format": "date_time"
        },
        {
          "field": "syscheck.mtime_after",
          "format": "date_time"
        },
        {
          "field": "syscheck.mtime_before",
          "format": "date_time"
        },
        {
          "field": "timestamp",
          "format": "date_time"
        }
      ],
      "_source": {
        "excludes": [
          "@timestamp"
        ]
      },
      "query": {
        "bool": {
          "must": [],
          "filter": [
            {
              "match_all": {}
            },
            {
              "match_phrase": {
                "manager.name": {
                  "query": "wazuh.example.de"
                }
              }
            },
            {
              "match_phrase": {
                "agent.name": "PC-Chris"
              }
            },
            {
              "range": {
                "timestamp": {
                  "gte": "2025-01-13T14:06:46.969Z",
                  "lte": "2025-01-14T14:06:46.970Z",
                  "format": "strict_date_optional_time"
                }
              }
            }
          ],
          "should": [],
          "must_not": []
        }
      }
    },
    "preference": 1736862125153
  }
}
```

Expected behavior
Sorting should be applied, for example:
Sort A-Z should result in 1-100
Sort Z-A should result in 100-1

Dashboards Version
4.10

Screenshots

(two screenshots of the rule.level column sort menu were attached)

Host/Environment (please complete the following information):

  • OS: Kubuntu 22.04 LTS
  • Chrome Version 131.0.6778.264 (Official Build) (64-bit)
@Desvelao (Member)

According to the evidence of the request payload:

```json
"sort": [
  {
    "timestamp": {
      "order": "desc",
      "unmapped_type": "boolean"
    }
  },
  {
    "rule.level": {
      "order": "asc",
      "unmapped_type": "boolean"
    }
  }
]
```

this is sorting by the following fields in order:

  • timestamp (first sort)
  • rule.level (second sort)

This sorting means the results are firstly sorted by timestamp and then by rule.level (events with the same timestamp are sorted by the rule.level).

If changing the sorting value for the second sorting field (rule.level) from A-Z to Z-A does not change apparently, this is related to the first sorting field (timestamp).
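To make the ordering behaviour concrete, here is an added simulation of how an OpenSearch `sort` array orders documents (this is illustrative code, not part of the Wazuh dashboard or this issue). It uses constructed alerts with distinct timestamps plus one timestamp tie, and shows that flipping the secondary `rule.level` direction only reorders the tied pair, while dropping the `timestamp` entry sorts by level across the whole result.

```python
"""Simulate an OpenSearch multi-field "sort" clause over Wazuh-style alerts (added example)."""
from functools import cmp_to_key

# Constructed sample alerts. Four distinct timestamps plus one tie at 10:00:02,
# which is the only place a secondary sort key can make a visible difference.
ALERTS = [
    {"timestamp": "2025-01-14T10:00:01.000Z", "rule": {"level": 3}},
    {"timestamp": "2025-01-14T10:00:02.000Z", "rule": {"level": 12}},
    {"timestamp": "2025-01-14T10:00:02.000Z", "rule": {"level": 7}},
    {"timestamp": "2025-01-14T10:00:03.000Z", "rule": {"level": 5}},
    {"timestamp": "2025-01-14T10:00:04.000Z", "rule": {"level": 12}},
]

# Sort arrays in the same shape the dashboard sends in its request body.
DASHBOARD_LEVEL_ASC = [{"timestamp": {"order": "desc"}}, {"rule.level": {"order": "asc"}}]
DASHBOARD_LEVEL_DESC = [{"timestamp": {"order": "desc"}}, {"rule.level": {"order": "desc"}}]


def get_field(doc, dotted):
    """Resolve a dotted field name such as 'rule.level' against a nested document."""
    for part in dotted.split("."):
        doc = doc.get(part) if isinstance(doc, dict) else None
    return doc


def apply_sort(docs, sort_clause):
    """Order docs by the sort entries in sequence: the first entry is the most
    significant key, later entries only break ties among earlier ones."""
    keys = [(field, spec.get("order", "asc")) for entry in sort_clause for field, spec in entry.items()]

    def compare(a, b):
        for field, order in keys:
            va, vb = get_field(a, field), get_field(b, field)
            if va == vb:
                continue
            result = -1 if va < vb else 1
            return result if order == "asc" else -result
        return 0

    return sorted(docs, key=cmp_to_key(compare))


def without_field(sort_clause, field):
    """Drop every sort entry for `field`, as removing the timestamp sort in the UI would."""
    return [entry for entry in sort_clause if field not in entry]


def levels(docs):
    """Return the rule.level sequence of an ordered result, for comparing outcomes."""
    return [get_field(d, "rule.level") for d in docs]
```

Running `levels(apply_sort(ALERTS, DASHBOARD_LEVEL_ASC))` and the `_DESC` variant differ only in the tied pair, which is why the column appears unsorted; `without_field(DASHBOARD_LEVEL_ASC, "timestamp")` yields a result ordered purely by level.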

@Orgoth (Author)

Orgoth commented Jan 28, 2025

I am unable to change this, since I am only clicking on the table column and then on sort A-Z. How can I remove the time sorting?!

```json
{
  "timestamp": {
    "order": "desc",
    "unmapped_type": "boolean"
  }
}
```

This is added by the dashboard without an option to remove it!

@Orgoth Orgoth closed this as completed Jan 28, 2025
@Desvelao (Member)

You can remove the sorting of the timestamp field through the fields sorted button:

(screenshot of the fields sorted button was attached)

@Desvelao Desvelao self-assigned this Jan 28, 2025
@Desvelao Desvelao added reporter/community Issue reported by the community and removed untriaged labels Jan 28, 2025