[ES|QL] KQL defaults to case-insensitive matching on keyword fields (inconsistent with docs & Kibana behavior)

[afoucret]

Elasticsearch Version

=8.17

Installed Plugins

No response

Java Version

bundled

OS Version

N/A

Problem Description

There is an inconsistency between how KQL queries behave in Kibana vs. ES|QL/Elasticsearch’s implementation.

In Kibana, KQL queries on keyword fields are case-sensitive (as per documentation).
In Elasticsearch KQL implementation (used by the ES|QL kql() function), the default is incorrectly set to case-insensitive.

This discrepancy is confusing for users and inconsistent with the documented behavior of KQL:

When querying keyword, numeric, date, or boolean fields, the value must be an exact match, including punctuation and case. However, when querying text fields, Elasticsearch analyzes the value provided The KQL query implementation in Elasticsearch has the wrong default making it case insensitive

Steps to Reproduce

Put some docs

PUT test/_doc/1
{
  "user": "Student01"
}

PUT test/_doc/2
{
  "user": "student01"
}

Run in Kibana Discover:

user: "student01"

→ Returns only the lowercase match.

Run in ES|QL:

FROM test | WHERE kql(user: "student01")

→ Returns both "student01" and "Student01".

Expected Behavior:

KQL should respect its documented semantics: keyword fields require exact match (case-sensitive).

Actual Behavior:

ES|QL’s KQL function is case-insensitive on keyword fields.

Logs (if relevant)

No response

[elasticsearchmachine]

Pinging @elastic/es-search-relevance (Team:Search Relevance)

[elasticsearchmachine]

Pinging @elastic/search-eng (Team:SearchOrg)

[krzee]

This has proven to be a useful bug. When it's fixed is there any way we could keep the option to use KQL() case insensitive? Maybe a KQLi() or a flag or something?