It looks like you're querying the message field... could you check if it is mapped as match_only_text?
I expect you're running into the same issue as reported here: [Bug] Discover document query timeout - 8.12.0 · Issue #175216 · elastic/kibana · GitHub