[FR] ES|QL remote validation support newline split indices

### Repository Feature

None

### Problem Description

Currently rules with newline split indices (e.g. https://github.com/elastic/detection-rules/pull/5340) do not have their indices parsed correctly. 

E.g.

Given a rule with the following `from` ES|QL line:
```
from
  logs-network_traffic.http-*,
  logs-network_traffic.tls-*,
  logs-nginx.access-*,
  logs-apache.access-*,
  logs-apache_tomcat.access-*,
  logs-iis.access-*
```

`get_esql_query_indices` will return a `sources_list` of the following: `['logs-network_traffic.http-*', '']` which includes only the first index and an empty name index. 

<img width="1208" height="674" alt="Image" src="https://github.com/user-attachments/assets/7676f46f-b26a-4193-b8dc-6376c0668cfb" />

### Desired Solution

_No response_

### Considered Alternatives

The regex definition `FROM_SOURCES_REGEX` should support multi-line index definitions. E.g. something like:
```
FROM_SOURCES_REGEX = re.compile(
    r"^\s*FROM\s+(?P<sources>(?:.+?(?:,\s*)?\n?)+?)\s*(?:\||\bmetadata\b|//|$)",
    re.IGNORECASE | re.MULTILINE
)
```

 

### Additional Context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[FR] ES|QL remote validation support newline split indices #5355

Repository Feature

Problem Description

Desired Solution

Considered Alternatives

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[FR] ES|QL remote validation support newline split indices #5355

Description

Repository Feature

Problem Description

Desired Solution

Considered Alternatives

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions