I mean this is pretty much a (D)DoS attempt. He's either rotating proxies and User-Agent headers or using a small botnet. The reason for the search queries in that case would be because it's often a really easy way to spike memory and CPU usage because few people running a WP site cache search results or use rate limiting.
I would temporarily disable search (or switch to Google search). Also look at the logs right before it happened. I suspect the origin might be 141.101.98.14 because it's a cloudflare IP and it used the default Go HTTP client User-Agent
https://golang.org/src/net/http/request.go#L458.