Here is my sample file. The issue I see is that if the powershell script is terminated and allowed to end on its own then each event does not have an end time.

Here is the props stanza I'm trying to make work.

[ps_transcript]
DATETIME_CONFIG =
TIME_FORMAT = %Y%m%d%H%M%S
TIME_PREFIX = Start\stime:
SHOULD_LINEMERGE = true
NO_BINARY_CHECK = true
category = Custom
disabled = false
MUST_BREAK_AFTER = End\stime:.+$*+$
MUST_NOT_BREAK_AFTER = *+$

Sample file is shown below.

Windows PowerShell transcript start
Start time: 20180925105637
Username: DESKTOP-RAA-X32\Administrator
RunAs User: DESKTOP-RAA-X32\Administrator
Configuration Name:
Machine: DESKTOP-RAA-X32 (Microsoft Windows NT 10.0.17134.0)
Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1'
Process ID: 3632
PSVersion: 5.1.17134.228
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.228
BuildVersion: 10.0.17134.228
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1

Command start time: 20180925105637

PS>. 'C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1'

1. Hive: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system

Name Property

audit ProcessCreationIncludeCmdLine_Enabled : 1

Command start time: 20180925105641

PS>if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1'
Execution Policy Change
The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic at https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
&Yes Yes to &All &No No to A≪ &Suspend
Y

Windows PowerShell transcript start
Start time: 20180925105652
Username: DESKTOP-RAA-X32\Administrator
RunAs User: DESKTOP-RAA-X32\Administrator
Configuration Name:
Machine: DESKTOP-RAA-X32 (Microsoft Windows NT 10.0.17134.0)
Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1'
Process ID: 3632
PSVersion: 5.1.17134.228
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.228
BuildVersion: 10.0.17134.228
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1

Command start time: 20180925105652

PS>CommandInvocation(Out-String): "Out-String"

ParameterBinding(Out-String): name="InputObject"; value="The specified module 'activedirectory' was not loaded because no valid module file was found in any module directory."

import-module : The specified module 'activedirectory' was not loaded because no valid module file was found in any
module directory.
At C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1:18 char:1
+ import-module activedirectory
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (activedirectory:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
import-module : The specified module 'activedirectory' was not loaded because no valid module file was found in any
module directory.
At C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1:18 char:1
+ import-module activedirectory
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (activedirectory:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand
import-module : The specified module 'activedirectory' was not loaded because no valid module file was found in any
module directory.
At C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1:18 char:1
+ import-module activedirectory
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (activedirectory:String) [Import-Module], FileNotFoundException
+ FullyQualifiedErrorId : Modules_ModuleNotFound,Microsoft.PowerShell.Commands.ImportModuleCommand

The domain is contoso.com
Processing the checks ...

Windows PowerShell transcript start
Start time: 20180925105742
Username: DESKTOP-RAA-X32\Administrator
RunAs User: DESKTOP-RAA-X32\Administrator
Configuration Name:
Machine: DESKTOP-RAA-X32 (Microsoft Windows NT 10.0.17134.0)
Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1'
Process ID: 3632
PSVersion: 5.1.17134.228
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.228
BuildVersion: 10.0.17134.228
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1

Command start time: 20180925105743

PS>CommandInvocation(Out-String): "Out-String"

ParameterBinding(Out-String): name="InputObject"; value="Exception calling "GetCurrentForest" with "0" argument(s): "Current security context is not associated with an Active Directory domain or forest.""

Exception calling "GetCurrentForest" with "0" argument(s): "Current security context is not associated with an Active
Directory domain or forest."
At C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1:23 char:1
+ $myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCur ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ActiveDirectoryOperationException
Exception calling "GetCurrentForest" with "0" argument(s): "Current security context is not associated with an Active
Directory domain or forest."
At C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1:23 char:1
+ $myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCur ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ActiveDirectoryOperationException
Exception calling "GetCurrentForest" with "0" argument(s): "Current security context is not associated with an Active
Directory domain or forest."
At C:\Users\Administrator\Desktop\Get_User_Last_Logon_v1.2.ps1:23 char:1
+ $myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCur ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : ActiveDirectoryOperationException

The last logon occured the
It was done against

Command start time: 20180925105748

PS>$global:?
True

Windows PowerShell transcript end
End time: 20180925105748