Query finds something that does not exist in logs

[oalimerko]

i am using this query for querying the logs in elastic

    [query_database_pool_exceeded]
    QueryIndices = logs.*
    QueryIntervalSecs = 300
    QueryJson = {
      "size": 0,
      "query": {
        "query_string": {
          "query": "(message:\"Maximum allowed connections to DB\" OR \"Cannot get a connection, pool error\") AND @timestamp:(>=now-6m AND <now)"
        }
      },
      "aggs": {
        "application": {
          "terms": {
            "field": "kubernetes.labels.app.keyword"
            }
          }
        }
      }

and also i use this prometheus alert rule

    - alert: ElasticExporterDatabaseConnectionPoolExceeded
      expr: database_pool_exceeded_application_doc_count > 0
      for: 6m
      labels:
        severity: critical
        target: project
        topic: database
      annotations:
        targetTemplate: kibana
        summary: "summary"
        description: "description"

The problem is that i get alerted time to time,when i check the metric in prometheus i see that my metric returns some date,but the strange thing is that i do not find those strings in logs.I do not understand how the metric can return data if those strings are not visible in logs.It looks like that my query finds something that does not exist in logs at all.