How do I make sure that every event starts parsing at the beginning of the line?

I'm running into a problem where some events are parsed in the middle versus from the beginning of the string. For the below data, I received the following 1. logMsgType: *dTrace* 2. logMsgType: *d],DD.DTO.Users.GetUserInfoResponse],* 3. logMsgType: *dTrace* **Why is the second line starting in the middle of the event instead of the first character?**


**Log.txt**: dTrace DDCDI1MSVC201_DD.DTO.Users.GetUserInfoResponse GetOne(System.String) 9:00:17 AM.018 2016-4 -21 [124] w3wp 36020 DD.Common.Logging.Infrastructure.LogManager DD.Common.Logging.Infrastructure.ILogManager.Log 0 0.0.0.0 0.0.0.0 {TAG:DD1FE36020VINT>6A2A0A0A.443} {CTX:0} : N/A Exit returned GD.DTO.Users.GetUserInfoResponse at 9:00:17 AM dTrace DDCDI1MSVC201_DD.DTO.Users.GetUserInfoResponse Execute[Nullable`1,GetUserInfoResponse](DD.DAL.DBContext.UserProfileEntities, System.Func`2[System.Nullable`1[System.Guid],DD.DTO.Users.GetUserInfoResponse], System.Nullable`1[System.Guid]) 9:00:17 AM.018 2016-4 -21 dTrace DDCDI1MSVC201_DD.DTO.Users.GetUserInfoResponse GetOne(System.String) 9:00:17 AM.018 2016-4 -21 [124] w3wp 36020 DD.Common.Logging.Infrastructure.LogManager DD.Common.Logging.Infrastructure.ILogManager.Log 0 0.0.0.0 0.0.0.0 {TAG:DD1FE36020VINT>6A2A0A0A.441} {CTX:0} : N/A Enter at 9:00:17 AM **props.conf**: [customparse] DATETIME_CONFIG = /etc/apps/search/local/datetime.xml NO_BINARY_CHECK = true category = Custom disabled = false pulldown_type = true KV_MODE = none EXTRACT-m = ^(?d[^ ]+) +(?.+?) (?\d{1,2}:[0-5]\d:[0-5]\d (?:A|P)M)\.(?\d{3}) (?\d{4}-\d{1,2} ?-\d{1,2} ?) (?\[[^\]]*\]) (?[^ ]+) +(?\d+) (?[^ ]+) +(?[^ ]+) +(?\d+) +(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) +(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) +(?.*)(?\n(\>[^\n]+\n)*)? MAX_TIMESTAMP_LOOKAHEAD = 50 SHOULD_LINEMERGE = true TIME_PREFIX = ^d[^ ]+ +.+?(?= \d{1,2}:[0-5]\d:[0-5]\d (?:A|P)M) **datetime.xml**:(\d{1,2}):([0-5]\d):([0-5]\d) (AM|PM)\.(\d{3}) (\d{4})-(\d{1,2}) ? -(\d{1,2}) ?