Elastic Update By Query Updated Entire Index Instead


I am trying to get a query to work that will update a specific field in a document, provided it matches a query (in this example, where one field matches an exact value).

Here I am trying to query all documents that have the field "Foo" set to "Bar", and set the field "TextField5" in each of them to 1337. There are only a handful in the index that match this. However, when I run this query, every document in the index has its TextField5 updated.

POST /threat_vuln/_update_by_query
{
  "query": { 
    "match": {
      "Foo": "Bar"
    }
  },
  
  "script" : {
    "source" : "ctx._source.TextField5='1337';",
    "lang" : "painless"
  }
}

I've gone over the Update API and Update By Query API and am still missing something. How can I change this to only update documents that match the query?

I'm on Kibana 7.4.0

EDIT: Also tried this, which still updates every document in the index instead of those matching the query:

POST /threat_vuln/_update_by_query
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "Foo": "Bar"
          }
        }
      ]
    }
  },

  "script": {
    "source": "ctx._source.TextField5='1337';",
    "lang": "painless"
  }
}

There is 1 best solution below


I got this to work as intended:

POST /threat_vuln/_update_by_query
{
  "query": {
    "bool": {
      "must": [
        {
          "match": {
            "Foo.keyword": "Bar"
          }
        }
      ]
    }
  },

  "script": {
    "source": "ctx._source.TextField5='1337';",
    "lang": "painless"
  }
}

I still don't understand how/why the examples in the question would just go ahead and update everything with what now appears to be a query that should return nothing, but I digress.
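Since an `_update_by_query` whose query silently matches everything rewrites the whole index, a guard that counts first is worth having. The following is an added example, not code from the question or answer: it runs `_count` with the same query, refuses when the hit count is zero or above a ceiling, and verifies the update's `total`/`updated` afterwards. The `transport(method, path, body)` callable, the `max_docs` ceiling and the in-memory fake are assumptions for running it offline; the index name, field names and script come from the page.

```python
from typing import Any, Callable, Dict, List

def keyword_match_query(field: str, value: str) -> Dict[str, Any]:
    """Exact-value query on the .keyword sub-field, the form that worked in the answer."""
    return {"bool": {"must": [{"match": {f"{field}.keyword": value}}]}}

def update_body(query: Dict[str, Any], script_source: str) -> Dict[str, Any]:
    """_update_by_query body: the query plus the Painless script."""
    return {"query": query, "script": {"source": script_source, "lang": "painless"}}

def guarded_update_by_query(transport: Callable[..., Dict[str, Any]], index: str,
                            query: Dict[str, Any], script_source: str,
                            max_docs: int) -> Dict[str, Any]:
    """Run _count with the same query first and refuse when it matches nothing
    (the query is probably wrong) or more than max_docs (a runaway rewrite);
    afterwards verify the update touched exactly that many documents.
    transport(method, path, body) is an assumed HTTP wrapper returning JSON."""
    count = transport("GET", f"/{index}/_count", {"query": query})["count"]
    if count == 0:
        raise ValueError("query matches no documents; not running the update")
    if count > max_docs:
        raise ValueError(f"query matches {count} documents, above ceiling {max_docs}")
    resp = transport("POST", f"/{index}/_update_by_query?conflicts=proceed",
                     update_body(query, script_source))
    if resp.get("failures"):
        raise RuntimeError(f"update reported failures: {resp['failures']}")
    if resp["total"] != count or resp["updated"] != count:
        raise RuntimeError(f"expected {count} updates, got total={resp['total']} "
                           f"updated={resp['updated']}")
    return resp

def fake_transport(docs: List[Dict[str, Any]]) -> Callable[..., Dict[str, Any]]:
    """Constructed in-memory stand-in for Elasticsearch so the guard runs offline:
    it answers only the two calls above and treats 'field.keyword' as exact
    equality on 'field' in the stored document."""
    def transport(method: str, path: str, body: Dict[str, Any]) -> Dict[str, Any]:
        (field, value), = body["query"]["bool"]["must"][0]["match"].items()
        hits = [d for d in docs if d.get(field.split(".")[0]) == value]
        if path.endswith("/_count"):
            return {"count": len(hits)}
        for d in hits:                      # emulate what the script would do
            d["TextField5"] = "1337"
        return {"total": len(hits), "updated": len(hits), "failures": []}
    return transport

if __name__ == "__main__":
    sample = [{"Foo": "Bar"}, {"Foo": "Bar"}, {"Foo": "Baz"}]   # constructed data
    print(guarded_update_by_query(fake_transport(sample), "threat_vuln",
                                  keyword_match_query("Foo", "Bar"),
                                  "ctx._source.TextField5='1337';", max_docs=50), sample)
```

Against a real cluster, replace `fake_transport` with a function that sends the request and returns the decoded JSON; the guard logic stays the same.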