Getting Data In

How to set a regex to break each host_details line out individually in props?

Glasses
Builder

I have a script that feeds Syslog to a TCP port on a Heavy Forwarder box that is EOL.
I set up a new AWS HF and sent the data there in the same port.
I copied the inputs, outputs, props exactly from the old server.
The only problem is that it is not line breaking correctly.
I set SHOULD_LINEMERGE = FALSE in props, but then I get no results...

Here is an example of the logs not breaking...

host_details|"start=2019-07-13T18:09:34.86Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"
host_details|"start=2019-07-13T18:06:27.53Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"
host_details|"start=2019-07-13T18:03:34.997Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"
host_details|"start=2019-07-13T18:03:59.725Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"
host_details|"start=2019-07-13T17:56:03.449Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"

I would like each host_detail to be a single event...

Is there a way to set a regex to break each host_details line out individually in props?

Previously on the old server, each host_details entry was a separate event.
I believe something was lost in the cut-over, but I cannot find the missing stanza... have been searching but no luck.
I am on 7.2.6. My base search is just index=foo sourcetype=bar host_details...

Any advice appreciated.


jaime_ramirez
Communicator

Hi

You could try this stanza for your sourcetype:

SHOULD_LINEMERGE=true
BREAK_ONLY_BEFORE = ^\s*host_details\|

Hope it helps!!!

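To see what the suggested BREAK_ONLY_BEFORE regex does to the data from the question, here is a small Python emulation of Splunk's line-merging logic (an added example, not Splunk's code and not from either poster): every line that matches ^\s*host_details\| starts a new event, and any line that does not match is appended to the event before it. The sample chunk is constructed from the five lines in the question plus one made-up indented continuation line, so the merge behaviour is visible too; the field parser that follows is an assumption about the pipe-delimited "key=value" layout shown above.

```python
import re
from typing import Dict, List

# Regex from the answer's BREAK_ONLY_BEFORE setting: an event begins at any
# line that starts with "host_details|" (leading whitespace allowed).
BREAK_ONLY_BEFORE = re.compile(r"^\s*host_details\|")

# Constructed sample: the question's five records arriving as one TCP chunk,
# plus one made-up indented continuation line after the third record to show
# how non-matching lines are merged into the preceding event.
SAMPLE_CHUNK = (
    'host_details|"start=2019-07-13T18:09:34.86Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"\n'
    'host_details|"start=2019-07-13T18:06:27.53Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"\n'
    'host_details|"start=2019-07-13T18:03:34.997Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"\n'
    '  detail=extra\n'
    'host_details|"start=2019-07-13T18:03:59.725Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"\n'
    'host_details|"start=2019-07-13T17:56:03.449Z"|"hostname=abc"|"username=efg"|"sensor_id=hijk"\n'
)


def break_events(raw: str) -> List[str]:
    """Emulate SHOULD_LINEMERGE=true with BREAK_ONLY_BEFORE.

    A line matching the regex opens a new event; every other line is appended
    to the current event. Simplified model of Splunk's behaviour, not its code.
    """
    events: List[str] = []
    current: List[str] = []
    for line in raw.splitlines():
        if BREAK_ONLY_BEFORE.match(line):
            if current:
                events.append("\n".join(current))
            current = [line]
        else:
            # No break marker: continuation of the previous event (or, for
            # stray lines before the first marker, the start of a new one).
            current.append(line)
    if current:
        events.append("\n".join(current))
    return events


def parse_event(event: str) -> Dict[str, str]:
    """Split the first line of a host_details event on '|' and pull out the
    quoted key=value pairs; any merged continuation lines are kept verbatim.
    Assumed layout, based only on the sample lines in the question."""
    lines = event.splitlines()
    parts = lines[0].split("|")
    fields: Dict[str, str] = {"record_type": parts[0].strip()}
    for part in parts[1:]:
        part = part.strip().strip('"')
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key] = value
    if len(lines) > 1:
        fields["continuation"] = "\n".join(lines[1:])
    return fields


if __name__ == "__main__":
    for event in break_events(SAMPLE_CHUNK):
        print(parse_event(event))
```

Running it yields five events, one per host_details line, with the constructed continuation line attached to the third event rather than becoming an event of its own; that is the behaviour the BREAK_ONLY_BEFORE stanza is meant to produce on the forwarder.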