Start with a grok filter to separate the pieces that are suitable for parsing with the kv filter, then apply kv to the rest. Something like this (untested) should get you started:
filter {
grok {
match => [
"message",
"... 0\|OWASP\|appsensor\|1\.0\|%{WORD:Detection_point_label}\|%{WORDDetection_point_Category}\|7\|%{GREEDYDATA:keyvalues}"
]
}
kv {
source => "keyvalues"
remove_field => ["keyvalues"]
}
}
I've obviously omitted the beginning of the string in the grok expression (you should be able to use %{SYSLOGBASE} there) and you'll want to replace the hardcoded field values ("appsensor", "7", ...) with something that matches the kind of data you might get there. Or, you could make it match any character that isn't a pipe character with [^|]+.
You could also use a csv filter to split the pipe-separated pieces. That might actually be more elegant.