@monteirolopes... depends on how you are loading XML data. Is the entire content itself XML or is XML part of content with some additional text without XML format.

For raw XML event
Based on whether you want to have Splunk perform automatic XML extraction during index time or search time you can choose between either one of INDEXED_EXTRACTIONS or KV_MODE as XML. Refer to the following documentation: http://docs.splunk.com/Documentation/Splunk/latest/Data/Extractfieldsfromfileswithstructureddata#Pro...

For XML data as a subset of raw event
You can use spath to traverse XML once you have extracted XML Data.

Please find below run anywhere search for your mock data. Also refer to spath documentation: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Spath

| makeresults
| eval mockXMLData="<Flow_data>Content1</Flow_data><Detected_signatures>Content2</Detected_signatures>"
| spath input=mockXMLData path=Detected_signatures output=key
| table key mockXMLData

PS: You can apply regular expression using rex, command but spath has been written specifically for XML and JSON data parsing.