Having mixed results with this issue?

I have trap messages being written to a txt file which then gets pushed to my indexer via a universal forwarder and I also have line breaks setup in props.conf. The trap message then appears in full as a multi-line event.

This is the line break config for the trap message:

[imsva_log]
SHOULD_LINEMERGE = true
BREAK_ONLY_BEFORE = ^\d{2}\/\d{2}\/2\d{3}\s\d{1,2}:\d{2}\s(A|P)M
BREAK_ONLY_BEFORE_DATE = false

Unsure if the above config is best for trap messages but it seems to work.

 Pic of traps as they come into splunk:  imgur.com/RcmA93R)

I then use the IFX tool to extract specific lines from the trap message, however this sometimes works and sometimes breaks?

When it works it successfully extracts the results of 1 line.

 Pic of a working extraction: imgur.com/E0xtHs3

Other times it extracts the line i want but it also extracts the rest of the message so i end up with multiple lines in my extraction.

 Pic of a non working extraction:  imgur.com/EKdUOFm

I have played about with the rex config in props.conf to stop extracting after the end of line but having no joy with this. What rex can i use that basically says 'stop' after the end of line and do not continue with any more extraction.

This is the rex config generated from IFX:

EXTRACT-imsva_log_type = (?i) .*?: (?P<imsva_log_type>[a-z]+)
EXTRACT-imsva_trapoid = (?im)^(?:[^:\n]*:){2}\w+\.\d+\.\d+\s+(?P<imsva_trapoid>.+)

Cheers for any help.

*apologies for the pics but dont have enough karma points to post inside the question - yeah great eh and i am paying big bucks for splunk support?