How to strip events from message field? Logstash syslog

You could try

    filter {
      # dissect: split off the priority, the three-token syslog timestamp, the source IP and the rest of the line
      dissect { mapping => { "message" => "<%{syslogPri}>%{[@metadata][ts]} %{+[@metadata][ts]} %{+[@metadata][ts]} %{ip} %{[@metadata][restOfLine]}" } }
      # date: parse the reassembled timestamp into @timestamp
      date { match => [ "[@metadata][ts]", "MMM dd HH:mm:ss" ] }
      # kv: split the remainder on "|" into key=value fields
      kv { source => "[@metadata][restOfLine]" field_split => "|" }
    }

Note that some of your fields are repeated (layer_name and time) so they will be arrays.

1 Like
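As an added illustration that is not part of the reply above, the same three steps done in plain Python: the dissect-style header split, the date conversion, and the kv split on "|" with repeated keys collected into arrays as the reply notes. The sample line, the field names and the year assumed for the year-less syslog timestamp are constructed for this example.

```python
import re
from datetime import datetime

# Constructed sample line in the shape the reply's pattern expects:
# <pri>MMM dd HH:mm:ss <ip> key=value|key=value|...  with layer_name and time repeated.
SAMPLE = (
    "<134>Jan 15 10:15:22 10.0.0.5 "
    "action=accept|layer_name=Network|time=1704449722"
    "|layer_name=Application|time=1704449723|src=192.0.2.10|dst=198.51.100.7"
)

# Equivalent of the dissect mapping: priority, three-token timestamp, IP, rest of line.
HEADER = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<ip>\S+) (?P<rest>.*)$"
)


def parse_syslog(line, year=2024):
    """Return a dict of fields; repeated kv keys become lists, like the kv filter."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("line does not match the syslog header layout")
    event = {"syslogPri": m["pri"], "ip": m["ip"]}

    # date filter equivalent: "MMM dd HH:mm:ss" carries no year, so one is assumed
    # (constructed assumption; Logstash would use the current year).
    ts = " ".join(m["ts"].split())  # collapse the double space before a one-digit day
    event["@timestamp"] = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

    # kv filter equivalent: field_split "|" and the default value_split "=".
    for pair in m["rest"].split("|"):
        if "=" not in pair:
            continue  # kv ignores tokens without a value separator
        key, value = pair.split("=", 1)
        if key in event:
            existing = event[key]
            event[key] = (existing if isinstance(existing, list) else [existing]) + [value]
        else:
            event[key] = value
    return event


if __name__ == "__main__":
    for k, v in parse_syslog(SAMPLE).items():
        print(f"{k}: {v}")
```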