I have the following events, and I am trying to pull the timestamp out of the Time field. It seems pretty straightforward; however, I am unable to get it working properly. The data is coming in over the http-simple REST endpoint and looks like the following:
Time=03-18-2014 18:25:04.775 UTC, ip=0.0.0.0, MajVer=0, MinVer=0, BuildNum=69180, UAModel=BR100, SnsId=0000000, HHId=Sonos_000000000, SN=00-00-00-00-00-00:G, Model=000, Ver=2, fq=2462, phyErr=1126, latThreshold=50, pktsAboveThreshold=0, pktsBelowThreshold=1082, link0=[ mac=000E58762555, tx=299, pktErrRate=1, sigStrength=30],
And the props.conf looks like this:
[source::http-simple]
TZ = UTC
TIME_PREFIX = ^Time=
TIME_FORMAT = %m-%d-%y%t%H:%M:%S.%3N
This is not working correctly and the indexing time is used instead of the event's Time field.
Try this:
NO_BINARY_CHECK=1
TIME_FORMAT=%m-%d-%Y %H:%M:%S.%3N %Z
TIME_PREFIX==
What exactly are you getting there, then? Where is your props.conf placed? On the indexer or the search head? You need to place it on the indexer and restart Splunk, then log new events; this will affect only new logs.
Still not working, any other ideas?
It is not a mandatory field. But TIME_PREFIX only indicates where the time starts, so we need not go to the complexity of requiring that it only follow the "=" sign. So it should work perfectly, right? For more, you can refer to the props.conf spec on docs.splunk.com.
I don't see why I'd need NO_BINARY_CHECK; can you explain that a little bit more, please? And for the TIME_PREFIX, why would I make it less explicit?
Try:
TIME_FORMAT=%m-%d-%Y %H:%M:%S.%3N %Z
For these index-time configs Splunk will look in etc/system/local on the indexer or forwarder. Indexer configs will take priority over the forwarder configs if the forwarder is not a heavy forwarder. Placing them in the app folder can work, but only if there are no conflicting configs in the system/local folder. The best place is on the indexer, if there are no heavy forwarders involved. That way you can manage them from one place. Like linu1998 said, the system that holds the configs must be restarted, and it will only affect new events.
Events are broken correctly. The thing I pasted above is from the _raw field; however, I went in and changed the numbers so I'm not showing real people's data. The events are being broken up correctly. This can be in a props.conf under an app, correct? I don't need to put this in a props.conf at the $SPLUNK_HOME\etc\system\local\ level, right?
There was an error in the second field, I fixed it.
These are pretty much all the same answer. The basic problem with your time format was a y instead of a Y.
Are your events getting broken correctly?
Can you post a 'source=yoursource | table _raw' example for this source?
Tried this one, it is not working still.
Use '%Y' for 4-digit years. Also '%t' is not a time_format meta-character.
I thought it says to use %t for all white space characters, but I will make the changes.
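The thread settles on two defects in the original TIME_FORMAT: %y where the data has a four-digit year, and %t, which Splunk does not recognise. The added example below is not from the thread or from Splunk; it emulates what the indexer does with TIME_PREFIX and TIME_FORMAT using Python's re and datetime.strptime, so the candidate formats can be checked against the poster's sample line offline before touching props.conf. Assumptions: Splunk's %3N is mapped to Python's %f (the only translation the dialects need here), the 128-character window stands in for MAX_TIMESTAMP_LOOKAHEAD, and the tz argument stands in for TZ = UTC when the format carries no %Z. Getting this right matters beyond tidiness: an event whose timestamp fails to parse is stamped with index time, so in an investigation it lands at the wrong point on the timeline.

```python
"""Check Splunk-style TIME_PREFIX / TIME_FORMAT pairs against a sample event.

Added example, not code from the original thread or from Splunk. It mimics
the indexer's behaviour with Python's strptime: anchor on the prefix regex,
then consume as much text after it as the format needs.
"""
import re
from datetime import datetime, timezone, tzinfo

# Constructed sample: the question's own line, which already carries dummy values.
SAMPLE_EVENT = (
    "Time=03-18-2014 18:25:04.775 UTC, ip=0.0.0.0, MajVer=0, MinVer=0, "
    "BuildNum=69180, UAModel=BR100, SnsId=0000000"
)

# Assumption: emulate Splunk's default lookahead window after the prefix.
MAX_TIMESTAMP_LOOKAHEAD = 128


def splunk_format_to_python(time_format: str) -> str:
    """Translate the Splunk strptime dialect to Python's (assumed mapping).

    %3N (exactly three subsecond digits) has no Python equivalent; %f accepts
    one to six digits, which is close enough for checking a format. %t is left
    alone on purpose: it is not a Splunk TIME_FORMAT meta-character, and Python
    rejects it too, so the error surfaces instead of being hidden.
    """
    return time_format.replace("%3N", "%f")


def extract_timestamp(event: str, time_prefix: str, time_format: str,
                      tz: tzinfo = timezone.utc) -> datetime:
    """Return the timestamp TIME_PREFIX + TIME_FORMAT would extract from event.

    Splunk consumes only as much text as the format needs, whereas Python's
    strptime must match the whole string, so successively shorter windows
    after the prefix are tried, longest first. `tz` plays the role of the
    TZ setting when the format has no zone directive.
    """
    match = re.search(time_prefix, event)
    if match is None:
        raise ValueError(f"TIME_PREFIX {time_prefix!r} not found in event")
    window = event[match.end():match.end() + MAX_TIMESTAMP_LOOKAHEAD]
    fmt = splunk_format_to_python(time_format)
    last_error = None
    for end in range(len(window), 0, -1):
        try:
            parsed = datetime.strptime(window[:end], fmt)
        except ValueError as exc:
            last_error = exc
            continue
        # Python's %Z recognises the zone name but leaves the result naive;
        # the thread's data is UTC, so attach the configured zone explicitly.
        if parsed.tzinfo is None:
            parsed = parsed.replace(tzinfo=tz)
        return parsed
    raise ValueError(f"no timestamp matched {time_format!r}: {last_error}")


# The formats discussed in the thread, from the broken original to the fix.
CANDIDATE_FORMATS = {
    "original (y, %t)": "%m-%d-%y%t%H:%M:%S.%3N",
    "two-digit %y": "%m-%d-%y %H:%M:%S.%3N",
    "fixed year only": "%m-%d-%Y %H:%M:%S.%3N",
    "fixed with zone": "%m-%d-%Y %H:%M:%S.%3N %Z",
}


def compare_formats(event: str = SAMPLE_EVENT, time_prefix: str = "^Time=") -> dict:
    """Map each candidate TIME_FORMAT to the ISO timestamp it yields or the error it hits."""
    results = {}
    for label, fmt in CANDIDATE_FORMATS.items():
        try:
            results[label] = extract_timestamp(event, time_prefix, fmt).isoformat()
        except ValueError as exc:
            results[label] = f"ERROR: {exc}"
    return results


if __name__ == "__main__":
    for label, outcome in compare_formats().items():
        print(f"{label:18s} -> {outcome}")
```

Running it shows both %y variants failing and both %Y variants yielding 2014-03-18T18:25:04.775000+00:00; passing "=" instead of "^Time=" as the prefix, as one answer suggested, gives the same result on this line because the first "=" in the event is the one after Time.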