Query string query performance investigation

[bowenlan-amzn]

There are 2 query string on message operation in big5 and we have been slower compared to ES. Based on this report https://blog.trailofbits.com/2025/03/06/benchmarking-opensearch-and-elasticsearch/
Big5 Text Querying section

Query Details

query-string-on-message OS 145 ES 3.5
https://github.com/opensearch-project/opensearch-benchmark-workloads/blob/main/big5/queries/query-string-on-message.json

{
  "query": {
    "query_string": {
      "query": "message: shield AND carp AND shark"
    }
  }
}

query-string-on-message-filtered OS 27 ES 10.4
https://github.com/opensearch-project/opensearch-benchmark-workloads/blob/main/big5/queries/query-string-on-message-filtered.json

{
  "query": {
    "bool": {
      "must": [
        {
          "range": {
            "@timestamp": {
              "gte": "2023-01-01T00:00:00",
              "lt": "2023-01-03T00:00:00"
            }
          }
        },
        {
          "query_string": {
            "query": "message: shield AND carp AND shark"
          }
        }
      ]
    }
  }
}

We suspect some problem in our implementation of match only text field and are investigating.

[bowenlan-amzn]

Verified on OS 2.17.2 cluster this PR #16964 already fixed the issue.

[bowenlan-amzn]

On Mar 10th, for 3.0.0-alpha1, p90 service time
query-string-on-message: ~13ms
query-string-on-message-filtered: ~6ms

[asimmahmood1]

If we see this in future, like I did, it maybe due to OSB defaulting to 'text' mapping instead of match_only_text: opensearch-project/opensearch-benchmark-workloads#636 (comment)