Tricky to determine what is the field and what is the value. It seems that value follows : character, but field names appear to have spaces in them (LogMessage ID, Cluster ID, Node ID).  It's not clear if the value for CorrelationID is 'DetailsInfo' or nothing, as the data becomes a bit unclear. 

It looks like it's not possible to determine if the field has no value or not, e.g. see Cluster ID in the first row, which appears to have no value, compared with the second row, where it has a value.

Using the 'extract' command would normally allow you to get at these fields, but same issue applies in defining a consistent pattern. This SPL shows how one way to do this type of KV extraction, but it's a but clunky and does not work correctly because for Cluster ID in the first row it gets the word 'Node'.

| makeresults 
| eval x=split("23:51:43.670 |LogMessage ID : sxntest ClientAddress : 10.207.68.172 Level : 6 EventType : UserLogging Resource: RESTIP EventStatus : Success CEvent : No Category : TestEvent ComID : VMREST CorrelationID : DetailsInfo : Login App ID: DSTest Cluster ID: Node ID: XP2SENTAtPCBUC1###23:51:43.789 |LogMessage ID : sxntest ClientAddress : 10.207.68.175 Level : 7 EventType : UserLogging Resource: RESTIP EventStatus : Success CEvent : No Category : TestEvent ComID : VMREST CorrelationID : DetailsInfo : Login App ID: DSTest Cluster ID: 09XV4R Node ID: XP2SENTXRTPCBUC", "###")
| mvexpand x
| rename x as _raw
| rex "\|(?<fields>.*)"
| fields - _raw
| rex max_match=0 field=fields "(?<key>[^:]*): (?<value>[^ ]*)"
| eval key=trim(key)
| foreach 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 [ eval _k=mvindex(key, <<FIELD>>), _v=mvindex(value, <<FIELD>>), {_k}=_v ]
| fields - _raw _k _v fields key value

If there is no general rule you can write regex for, then you're probably going to have to write a specific rex line to match field names + values as your example.