Here are some sample lines from a log I'm trying to parse:
Genesys Interaction Concentrator, Version:'8.1.502.04'
Copyright (c) 2005,2015 Genesys Telecommunications Labs, Inc.
Host name: h03-005.xxx.xom
DST: TZ = 0, timeb = 0
Time zone: 0, UTC, UTC
UTC time: 2017-04-13T14:20:26.758
Local time: 2017-04-13T14:20:26.758
Start time (UTC): 2017-03-25T18:02:23
Running time: 18:20:18:03
Host info: Linux, h03-005.xxx.com, 2.6.32-642.13.1.el6.x86_64, #1 SMP Wed Nov 23 16:03:01 EST 2016, x86_64

14:20:29.735 [GUD]: Place into PQ buffer [DSS_NODATA_MARKER], key []-[]
2017-04-13T14:20:30.736 Trc 25016 Persistent Queue GUD: transaction 765879 is committed. 1 records written into the queue
-AP[27138]->-6 @14:20:48.4635
-Ap[27138]-<-6 @14:20:48.4644
@14:21:25.744 [GCC]: Place into PQ buffer [DSS_NODATA_MARKER], key []-[]-[]
._14:29:50.6723_04/13/17 14:30:30.6962_error: ConnNS.cpp:226 cannot resolve name 'h03-002.xxx.com', errno=11
I want to break the above into events based on finding a timestamp at/near the beginning of a line. The net result is that the first event will include all of the 'header' stuff (down to the blank line), then the rest are separate events. In other words, lines 1-12 are one event, then lines 13-18 are separate events. (In my ACTUAL log, there are events that are multi-line, so I can't just use the default of "each line is an event".)
The LINE_BREAKER I've developed is:
LINE_BREAKER = ([\n\r])((@|\._)?\d{2}\:\d{2}\:\d{2}|\d{4}\-\d{2}\-\d{2}|\-\w{2}\[\d{5}\])
This should break in the following cases:
1. Line starts with ##:##:##, with an optional "@" or "._" prefixing it.
2. Line starts with ####-##-##
3. Line starts with a dash, then 2 characters, square bracket, 5 numbers, closing square bracket
Using regex101.com, this works and correctly finds all of the breakpoints between events. However, this doesn't work in Splunk - it only breaks on the lines matching the "2017-04-13...." option (#2). I know that Splunk uses a different RegEx parser, so I'm not surprised it works differently than RegEx101.com. I believe I've followed the example in the .spec file for multiple matching, but it doesn't work.
Can anyone help with what I'm doing wrong?
Thanks.