The props.conf example, that you're showing here, only includes what I would refer to as onboarding config (pre-index). That is linebreaking, date/time extraction, time format, etc. There are also search-time configurations that go into props.conf, such as EXTRACT, where you can specify a regex right in the props file.
You can also reference configurations that reside in transforms.conf, such as with REPORT. My point with the original post is that just having a transforms.conf file doesn't do anything, you have to reference the configs that reside in it from props.conf.
Example:
--- props.conf ---
[my_db]
REPORT-db_extractions = my_db_extractions
--- transforms.conf ---
[my_db_extractions]
DELIMS = "|"
FIELDS ="EventID","AlertTime","UserName",. . ."
Another thing to consider, if you have control over the powershell script, is to output the results of the powershell script in key=value pairs. Splunk will automatically extract key=value pairs. This is more dynamic, in the event that the number of fields changes in your output. No transforms.conf necessary.
... View more