I can help you with the syntax and general understanding of what is happening with these queries.
It looks like you're expecting partial matches on substrings without whitespace. This is not the default behavior of Elasticsearch, and you need to implement a different text analysis configuration to get this without wildcards.
Wildcards work the way you'd expect, which is that if you have a single token like **Production**RedisConnectionFailureException, then a wildcard can match the missing prefix like *RedisConnectionFailureException.
You have already figured out the correct syntax for wildcards. The syntax you used in the last example, without double quotes, is correct for KQL.
I notice that you are multi-mapping this field, so you have both log and log.keyword fields, but you aren't searching log.keyword. You may want to read up on mapping options.
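
The matching behaviour described in this answer, as an added example that is not part of the original post and is not Elasticsearch code: a simplified Python model of whole-token matching, wildcard matching, and n-gram analysis. The function names, the regex tokenizer, and the sample log line are assumptions made for illustration; only the exception name comes from the post.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample log line; only the exception name is taken from the post.
SAMPLE_LOG = ("ERROR cache-client ProductionRedisConnectionFailureException: "
              "connect timed out")

def analyze(text):
    """Simplified stand-in for default text analysis (an assumption, not the
    real analyzer): split on non-alphanumeric characters and lowercase."""
    return [t.lower() for t in re.findall(r"[A-Za-z0-9]+", text)]

def token_match(query_token, text):
    """A plain query term matches only if it equals a whole indexed token."""
    return query_token.lower() in analyze(text)

def wildcard_match(pattern, text):
    """A wildcard pattern is tested against each indexed token in full.
    The pattern is lowercased here to keep the model simple."""
    return any(fnmatchcase(tok, pattern.lower()) for tok in analyze(text))

def ngrams(token, n=3):
    """All substrings of length n; empty set if the token is shorter than n."""
    return {token[i:i + n] for i in range(len(token) - n + 1)}

def ngram_match(query, text, n=3):
    """Model of an n-gram analysis configuration: index every n-gram of every
    token, then require all n-grams of the query to be present. This can give
    false positives, because the grams need not be adjacent in the source."""
    indexed = set()
    for tok in analyze(text):
        indexed |= ngrams(tok, n)
    wanted = set()
    for tok in analyze(query):
        wanted |= ngrams(tok, n)
    return bool(wanted) and wanted <= indexed

if __name__ == "__main__":
    suffix = "RedisConnectionFailureException"
    print("tokens:        ", analyze(SAMPLE_LOG))
    print("plain term:    ", token_match(suffix, SAMPLE_LOG))
    print("wildcard:      ", wildcard_match("*" + suffix, SAMPLE_LOG))
    print("n-gram (n=3):  ", ngram_match(suffix, SAMPLE_LOG))
```

The n-gram variant trades index size and some precision for substring matching without a leading wildcard, which is why it has to be chosen deliberately in the field's analysis settings.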