Wich is the best way to parse logs with XML seccion

You could try something like

if "xml" in [message] {
        dissect { mapping => { "message" => "%{}[%{}]%{}[%{[@metadata][xml]}]%{}" } }
}

Then if the XML is valid (what you have shown is not) you could parse it with an xml filter

xml { source => "[@metadata][xml]" target => "theXML" }