[KQL] Use term queries for keyword fields

[lukasolson]

Summary

Prior to this PR, a KQL query like agent.type: filebeat would generate a match query, regardless of the field type, even though match and match_phrase queries are considered full-text (not term-level) queries. This worked for keyword fields, because internally in Elasticsearch, match and match_phrase queries are rewritten as term queries.

This PR updates the behavior to generate a term query instead. This is one step toward adding support for case-insensitive searches on keyword fields.

Checklist

• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios

[elasticmachine]

Pinging @elastic/kibana-app-services (Team:AppServicesSv)

[Dosant]

👍

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 9a67dc9

Failed CI Steps

• FTR Configs #23

Test Failures

• [job] [logs] FTR Configs #23 / console app console app with comments with single line comments should allow in request body, using #

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
aiops	766.8KB	766.9KB	+43.0B
apm	3.1MB	3.1MB	+43.0B
canvas	1.0MB	1.0MB	+43.0B
cloudSecurityPosture	203.4KB	203.4KB	+43.0B
controls	492.2KB	492.3KB	+43.0B
dashboard	423.5KB	423.6KB	+43.0B
dataViewManagement	149.2KB	149.2KB	+43.0B
dataVisualizer	571.6KB	571.7KB	+43.0B
discover	461.0KB	461.0KB	+43.0B
discoverEnhanced	44.6KB	44.7KB	+43.0B
fleet	916.7KB	916.8KB	+43.0B
graph	454.5KB	454.5KB	+43.0B
infra	1009.4KB	1009.5KB	+43.0B
inputControlVis	78.3KB	78.3KB	+43.0B
lens	1.3MB	1.3MB	+43.0B
lists	192.2KB	192.2KB	+43.0B
ml	3.4MB	3.4MB	+43.0B
monitoring	479.8KB	479.8KB	+43.0B
observability	520.6KB	520.7KB	+43.0B
osquery	1.0MB	1.0MB	+43.0B
securitySolution	9.5MB	9.5MB	+43.0B
synthetics	1.0MB	1.0MB	+43.0B
threatIntelligence	115.1KB	115.1KB	+43.0B
transform	388.9KB	389.0KB	+43.0B
triggersActionsUi	676.8KB	676.8KB	+43.0B
unifiedFieldList	55.0KB	55.1KB	+43.0B
unifiedSearch	260.4KB	260.5KB	+43.0B
upgradeAssistant	179.9KB	179.9KB	+43.0B
visTypeTimelion	109.2KB	109.3KB	+43.0B
visTypeVega	1.7MB	1.7MB	+43.0B
visualizations	268.1KB	268.2KB	+43.0B
total			+1.3KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
dashboardEnhanced	42.8KB	42.8KB	+43.0B
data	439.0KB	439.1KB	+43.0B
maps	82.1KB	82.2KB	+43.0B
stackAlerts	42.3KB	42.4KB	+43.0B
timelines	172.8KB	172.8KB	+43.0B
total			+215.0B

History

• 💛 Build #81197 was flaky 0e9fb19

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @lukasolson