Looking for idea to preprocess logs

Instead of pre-ordering the data, use the timestamp from the event and set that as the timestamp to index in Elasticsearch. Then it is nicely sorted in Kibana when you view the data.

You can use a filter like this (this does not match your timestamp, it is just an example).

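filter {
    # Extract the event's own timestamp from the raw line into a temporary field.
    grok {
        match => { "message" => "%{TIMESTAMP_ISO8601:replace_timestamp}" }
    }
    # Parse that field and write the result to @timestamp, the field Kibana sorts on.
    date {
        match => ['replace_timestamp', 'yyyy-MM-dd HH:mm:ss']
        timezone => "UTC"
        target => "@timestamp"
    }
}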
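
A variant of the filter above that also handles lines whose timestamp cannot be extracted or parsed, given as an added example that is not part of the original post. The `ingest_time` field name and the extra date formats are assumptions; list the formats your source actually emits.

```logstash
filter {
    # Keep the time Logstash received the event before @timestamp is overwritten.
    # "ingest_time" is a hypothetical field name chosen for this example.
    mutate {
        add_field => { "ingest_time" => "%{@timestamp}" }
    }

    # Extract the event's own timestamp; lines without one get _grokparsefailure.
    grok {
        match => { "message" => "%{TIMESTAMP_ISO8601:replace_timestamp}" }
        tag_on_failure => ["_grokparsefailure"]
    }

    if "_grokparsefailure" not in [tags] {
        date {
            # TIMESTAMP_ISO8601 accepts more shapes than a single pattern covers,
            # so several formats are tried in order (assumed formats).
            match => [
                "replace_timestamp",
                "ISO8601",
                "yyyy-MM-dd HH:mm:ss",
                "yyyy-MM-dd HH:mm:ss.SSS"
            ]
            timezone => "UTC"
            target => "@timestamp"
            # On a parse failure @timestamp is left at ingestion time and the
            # event is tagged, so it can be found instead of silently mis-sorted.
            tag_on_failure => ["_dateparsefailure"]
            # Applied only when parsing succeeds; failed events keep the raw value.
            remove_field => ["replace_timestamp"]
        }
    }
}
```

Searching for the `_grokparsefailure` and `_dateparsefailure` tags in Kibana shows which events are still sorted by ingestion time rather than by their own timestamp.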