IBM Support

QRadar: XML special characters must be 'escaped'



There are special characters that can not be used or need to be 'escaped' in XML files. An example of this would be the alert-config.xml document.


XML has five forbidden characters &, <, >, ', and "

Resolving The Problem

When these forbidden characters are used as part of URLs, they cause errors. In order to use these characters, you need to use XML escape mechanisms.

& is &amp;

< is &lt;

> is &gt;

' is &apos;

" is &quot;

This example is a URL that works:


The &amp; character will all translate to a literal ampersand symbol in your email.

This example is a URL that does not work:


This causes the /opt/qradar/bin/ script to fail with this error message:
[Fatal Error] alert-config.xml:<linenumber>: The reference to entity "(Object directly after the ampersand" must end with the ';' delimiter.
Failed XML parser validation. XML document is not well formed.

Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 June 2018