[BUG] Missing findings for detector configured against multiple concrete indices

[jowg-amazon]

What is the bug?
When multiple concrete indices (and possibly aliases) are configured against a detector the query index is only creating the query for the first index that's selected but not the subsequent indices. Then when you ingest a document into one of the indices that don't have the correct query, a finding is not generated. However, it is created for the index with the correct query in the query index.

How can one reproduce the bug?
Steps to reproduce the behavior:

1. Create a detector with multiple concrete indices.
2. Check the query index and only 1 query should be created from that detector.
3. Try to generate a finding using an index that doesn't have a query

What is the expected behavior?
A clear and concise description of what you expected to happen.

What is your host/environment?

• OS: 2.17
• Version [e.g. 22]
• Plugins

Do you have any screenshots?
If applicable, add screenshots to help explain your problem.

Do you have any additional context?
Add any other context about the problem.

[dblock]

[Catch All Triage - 1, 2, 3, 4, 5, 6]