Key_value in pipelines vs key_value on "input extractors"



we are trying to extract key values from a real world syslog message witch looks like this:

[zipflklatscher@4  webgate_Time="[13/Apr/2017:03:44:31 +0200]" username="XXXXX" client="" http_status="200" webgate_URL="" webgate_URLCategories="Business Zipfl" webgate_URLReputationString="Minimal Risk" mediatype="image/gif" out="561" in="1326" http_ua="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko" webgate_AntimalwareVirusName="" webgate_ApplicationName="" webgate_BlockReason="" webgate_CacheStatus="TCP_MISS" protocol="HTTPS" webgate_Domain="" http_ref=""  ]

by creating a “copy input” extractor based on simple key-value converter all fields seemd to be converted.

but by default key_value extractor used by a pipline, it does not the same as the extractor commented above.
By tweaking arround with the key_value arguments i am not able to set a delimiter by a regex combination, just by a list of strings

rule "webgate_key_value"
  has_field("application_name") && to_string($message.application_name) == "xxx"
    let msg = to_string($message.message);
    set_fields(key_value(value: msg
        ,delimiters: "\" "
        ,kv_delimiters: "="
        ,ignore_empty_values: true
        ,trim_key_chars: "\""
        ,trim_value_chars: "\""


how should the key_value looks like?

Thanks in advance