diff --git a/package/etc/context_templates/splunk_metadata.csv.example b/package/etc/context_templates/splunk_metadata.csv.example
index 5223f97..995bd56 100644
--- a/package/etc/context_templates/splunk_metadata.csv.example
+++ b/package/etc/context_templates/splunk_metadata.csv.example
@@ -1,31 +1,9 @@
-bluecoat_proxy,index,netproxy
-brocade_syslog,index,netops
 ArcSight_ArcSight,index,main
 ArcSight_ArcSight,source,ArcSight:ArcSight
-Carbon Black_Protection,source,carbonblack:protection:cef
+bluecoat_proxy,index,netproxy
+brocade_syslog,index,netops
 Carbon Black_Protection,index,epintel
-Cyber-Ark_Vault,index,netauth
-Cyber-Ark_Vault,sourcetype,cyberark:epv:cef
-CyberArk_PTA,index,main
-CyberArk_PTA,sourcetype,cyberark:pta:cef
-Incapsula_SIEMintegration,index,netwaf
-Incapsula_SIEMintegration,source,Imperva:Incapsula
-Incapsula_SIEMintegration,sourcetype,cef
-Incapsula_SIEMintegration,sc4s_template,t_cef_kv
-Imperva Inc._SecureSphere,index,netwaf
-Imperva Inc._SecureSphere,sourcetype,imperva:waf
-Imperva Inc._SecureSphere,sc4s_template,t_legacy_hdr_msg
-Imperva Inc._SecureSphere_Firewall,sourcetype,imperva:waf:firewall:cef
-Imperva Inc._SecureSphere_Signature,sourcetype,imperva:waf:security:cef
-Imperva Inc._SecureSphere_Protocol,sourcetype,imperva:waf:security:cef
-Imperva Inc._SecureSphere_Worm,sourcetype,imperva:waf:security:cef
-Microsoft_Microsoft Windows,index,oswinsec
-Microsoft_System or Application Event,index,oswin
-Microsoft_System or Application Event,source,CEFEventLog:System or Application Event
-Microsoft_Microsoft Windows,source,CEFEventLog:Microsoft Windows
-MCAS_SIEM_Agent,index,main
-MCAS_SIEM_Agent,source,microsoft:cas
-checkpoint_splunk,index,netops
+Carbon Black_Protection,source,carbonblack:protection:cef
 checkpoint_splunk_dlp,index,netdlp
 checkpoint_splunk_email,index,email
 checkpoint_splunk_firewall,index,netfw
@@ -35,10 +13,16 @@ checkpoint_splunk_sessions,index,netops
 checkpoint_splunk_web,index,netproxy
 checkpoint_splunk,index,netops
 checkpoint_splunk,index,netops
+checkpoint_splunk,index,netops
+cisco_acs,index,netauth
 cisco_apic_acl,index,netfw
 cisco_apic_events,index,netops
-cisco_acs,index,netauth
 cisco_asa,index,netfw
+Cisco_C100V Email Security Virtual Appliance_ESA_CONSOLIDATED_LOG_EVENT,index,email
+Cisco_C100V Email Security Virtual Appliance_ESA_CONSOLIDATED_LOG_EVENT,sc4s_template,t_legacy_hdr_msg
+Cisco_C100V Email Security Virtual Appliance_ESA_CONSOLIDATED_LOG_EVENT,source,esa:consolidated
+Cisco_C100V Email Security Virtual Appliance_ESA_CONSOLIDATED_LOG_EVENT,sourcetype,cisco:esa:cef
+cisco_esa,index,email
 cisco_ftd,index,netfw
 cisco_ios,index,netops
 cisco_ise,index,netauth
@@ -46,15 +30,18 @@ cisco_meraki,index,netfw
 cisco_nx_os,index,netops
 cisco_ucm,index,main
 cisco_wsa,index,netproxy
-dell_rsa_secureid,index,netauth
 citrix_netscaler,index,netfw
-local_example,index,main
-forcepoint_webprotect,index,netproxy
-f5_bigip,index,netops
+Cyber-Ark_Vault,index,netauth
+Cyber-Ark_Vault,sourcetype,cyberark:epv:cef
+CyberArk_PTA,index,main
+CyberArk_PTA,sourcetype,cyberark:pta:cef
+dell_rsa_secureid,index,netauth
 f5_bigip_access_json,index,netops
-f5_bigip_irule,index,netops
 f5_bigip_asm,index,netwaf
+f5_bigip_irule,index,netops
 f5_bigip_nix,index,netops
+f5_bigip,index,netops
+forcepoint_webprotect,index,netproxy
 fortinet_fortios_event,index,netops
 fortinet_fortios_log,index,netops
 fortinet_fortios_traffic,index,netfw
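Review bot: The new side of the first hunk ends up with three identical `checkpoint_splunk,index,netops` rows (the two context lines plus the added one), so the re-sort only made the duplicates adjacent, whereas the later hunk starting at the `@@ -63,63 +50,83 @@` header does drop the duplicated `Trend Micro_Deep Security Manager,index,epintel` row; keeping a single `checkpoint_splunk,index,netops` would be consistent and spares a reader checking the three copies for subtle differences. The resulting order also looks tool-specific rather than plain `sort` output (`checkpoint_splunk` lands after `checkpoint_splunk_web`, `f5_bigip` after `f5_bigip_nix`), so a contributor re-sorting with a different tool or locale would likely reorder the whole file again; stating the sort used in the commit message or contribution notes would avoid that churn.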
@@ -63,63 +50,83 @@ fortinet_fortiweb_attack,index,netids
 fortinet_fortiweb_event,index,netops
 fortinet_fortiweb_log,index,netops
 fortinet_fortiweb_traffic,index,netfw
-infoblox_dns,index,netdns
+Imperva Inc._SecureSphere_Firewall,sourcetype,imperva:waf:firewall:cef
+Imperva Inc._SecureSphere_Protocol,sourcetype,imperva:waf:security:cef
+Imperva Inc._SecureSphere_Signature,sourcetype,imperva:waf:security:cef
+Imperva Inc._SecureSphere_Worm,sourcetype,imperva:waf:security:cef
+Imperva Inc._SecureSphere,index,netwaf
+Imperva Inc._SecureSphere,sc4s_template,t_legacy_hdr_msg
+Imperva Inc._SecureSphere,sourcetype,imperva:waf
+Incapsula_SIEMintegration,index,netwaf
+Incapsula_SIEMintegration,sc4s_template,t_cef_kv
+Incapsula_SIEMintegration,source,Imperva:Incapsula
+Incapsula_SIEMintegration,sourcetype,cef
 infoblox_dhcp,index,netipam
+infoblox_dns,index,netdns
 infoblox_threat,index,netids
-juniper_idp,index,netids
-juniper_structured,index,netops
 juniper_idp_structured,index,netids
-juniper_junos_fw_structured,index,netfw
-juniper_junos_ids_structured,index,netids
-juniper_junos_utm_structured,index,netfw
+juniper_idp,index,netids
 juniper_junos_aamw_structured,index,netfw
-juniper_junos_secintel_structured,index,netfw
+juniper_junos_fw_structured,index,netfw
 juniper_junos_fw,index,netfw
+juniper_junos_ids_structured,index,netids
 juniper_junos_ids,index,netids
+juniper_junos_secintel_structured,index,netfw
+juniper_junos_utm_structured,index,netfw
 juniper_junos_utm,index,netfw
-juniper_netscreen,index,netfw
 juniper_legacy,index,netops
+juniper_netscreen,index,netfw
+juniper_structured,index,netops
+local_example,index,main
 mcafee_epo,index,epav
+MCAS_SIEM_Agent,index,main
+MCAS_SIEM_Agent,source,microsoft:cas
+Microsoft_Microsoft Windows,index,oswinsec
+Microsoft_Microsoft Windows,source,CEFEventLog:Microsoft Windows
+Microsoft_System or Application Event,index,oswin
+Microsoft_System or Application Event,source,CEFEventLog:System or Application Event
 nix_syslog,index,osnix
-pan_traffic,index,netfw
-pan_threat,index,netproxy
-pan_system,index,netops
 pan_config,index,netops
-pan_hipmatch,index,main
 pan_correlation,index,main
-pan_userid,index,netauth
+pan_hipmatch,index,main
+pan_system,index,netops
+pan_threat,index,netproxy
+pan_traffic,index,netfw
 pan_unknown,index,netops
-pfsense,index,netops
+pan_userid,index,netauth
 pfsense_filterlog,index,netfw
+pfsense,index,netops
 proofpoint_pps_filter,index,email
 proofpoint_pps_sendmail,index,email
 sc4s_events,index,main
 sc4s_fallback,index,main
 sc4s_metrics,index,em_metrics
-symantec_ep,index,epav
 symantec_brightmail,index,email
+symantec_ep,index,epav
 syslogng_loggen,index,main
 Trend Micro_Deep Security Agent,index,epintel
-Trend Micro_Deep Security Agent,sc4s_template,t_legacy_hdr_msg
-Trend Micro_Deep Security Agent_intrusion prevention,sourcetype,deepsecurity-intrusion_prevention
+Trend Micro_Deep Security Agent_antimalware,index,epav
+Trend Micro_Deep Security Agent_antimalware,sourcetype,deepsecurity-antimalware
+Trend Micro_Deep Security Agent_app control,sourcetype,deepsecurity-app_control
+Trend Micro_Deep Security Agent_firewall,sourcetype,deepsecurity-firewall
 Trend Micro_Deep Security Agent_integrity monitoring,sourcetype,deepsecurity-integrity_monitoring
+Trend Micro_Deep Security Agent_intrusion prevention,sourcetype,deepsecurity-intrusion_prevention
 Trend Micro_Deep Security Agent_log inspection,sourcetype,deepsecurity-log_inspection
 Trend Micro_Deep Security Agent_web reputation,sourcetype,deepsecurity-web_reputation
-Trend Micro_Deep Security Agent_firewall,sourcetype,deepsecurity-firewall
-Trend Micro_Deep Security Agent_antimalware,sourcetype,deepsecurity-antimalware
-Trend Micro_Deep Security Agent_antimalware,index,epav
-Trend Micro_Deep Security Manager,index,epintel
-Trend Micro_Deep Security Agent_app control,sourcetype,deepsecurity-app_control
+Trend Micro_Deep Security Agent,sc4s_template,t_legacy_hdr_msg
 Trend Micro_Deep Security Manager,index,epintel
 Trend Micro_Deep Security Manager,sc4s_template,t_legacy_hdr_msg
 Trend Micro_Deep Security Manager,sourcetype,deepsecurity-system_events
-ubiquiti_unifi,index,netops
 ubiquiti_unifi_fw,index,netfw
 ubiquiti_unifi_link,index,netops
 ubiquiti_unifi_sudo,index,netops
 ubiquiti_unifi_switch,index,netops
 ubiquiti_unifi_threat,index,netids
 ubiquiti_unifi_wireless,index,netops
+ubiquiti_unifi,index,netops
+unknown,index,main
+unknown,source,SC4S:unknown
+unknown,sourcetype,SC4S:unknown
 vmware_esx,index,main
 vmware_horizon,index,main
 vmware_nsx,index,main
@@ -127,15 +134,7 @@ vmware_vcenter,index,main
 zscaler_alerts,index,netops
 zscaler_dns,index,netdns
 zscaler_fw,index,netfw
+zscaler_lss,index,netproxy
 zscaler_web,index,netproxy
 zscaler_zia_audit,index,netops
-zscaler_zia_sandbox,index,main
-zscaler_lss,index,netproxy
-unknown,index,main
-unknown,source,SC4S:unknown
-unknown,sourcetype,SC4S:unknown
-Cisco_C100V Email Security Virtual Appliance_ESA_CONSOLIDATED_LOG_EVENT,index,email
-Cisco_C100V Email Security Virtual Appliance_ESA_CONSOLIDATED_LOG_EVENT,sc4s_template,t_legacy_hdr_msg
-Cisco_C100V Email Security Virtual Appliance_ESA_CONSOLIDATED_LOG_EVENT,sourcetype,cisco:esa:cef
-Cisco_C100V Email Security Virtual Appliance_ESA_CONSOLIDATED_LOG_EVENT,source,esa:consolidated
-cisco_esa,index,email
\ No newline at end of file
+zscaler_zia_sandbox,index,main
\ No newline at end of file
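Review bot: The new side of the last hunk still carries `\ No newline at end of file` after `+zscaler_zia_sandbox,index,main`, so the re-sort rewrote the whole file but left it without a terminating newline. Adding one means the next appended row diffs as a single added line instead of touching `zscaler_zia_sandbox` again, and it avoids the last record being skipped or miscounted by line-oriented tooling such as a shell `while read` loop or `wc -l`. Whether the sc4s CSV reader itself tolerates an unterminated final line is not visible here, so this is a file-hygiene point rather than a reported breakage.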