The SEDCMD is not working at all - the data is not being transformed. As I said, if I do this in an environment where the search head and the indexer are one and the same, and all my search-time field extractions are in the same props.conf as the above, everything works.
The CHARSET must be set correctly for Splunk to read the file correctly; I tried specifying it in the host stanza with the SEDCMD and it didn't help.
The production environment is running 4.3.0, while the dev environment is running 4.3.2.
Cracked it - looks like the character encoding had to be set on the forwarder, rather than on the indexer. I created a props.conf on the forwarder and set it in there and everything worked. Strange that the encoding handling is done on the forwarder when it's not doing any indexing.