Make kuery's use of implicit ANDs more clear

[trevan]

I used makelogs to generate some logstash data and then ran the query "extension:jpg response:404" under both kuery and lucene.

In kuery, it found 5 items. In lucene, it found 56 items. That is because kuery uses AND to join the clauses while lucene uses OR to join the clauses.

Since keury can be identical to lucene, I think you'll have confusion from people who switch between the two or are using filters that they found elsewhere.

I can't seem to find any reason why it was decided to use AND as the implicit join in either #12624 (PR) or #12624 (Issue) but maybe there was internal discussion about it.

[Bargs]

We made this decision intentionally. In my experience the implicit ORs in the lucene query syntax seem to be unintuitive for users. It's the opposite of how most query languages work.

You make a good point that the transition could be confusing though. I'll add more emphasis in the docs. I bet we can figure out a way to make this more obvious when we're working on autocomplete as well.