Rubrik Logo
CXO Visionaries
CXO ExperiencesArrow Icon
Zero LabsCommunityCXO Newsletter
Rubrik
LinkedInTwitterFacebookYouTubeInstagram

Call us at 1-844-478-2745

Submit Interest

ABOUT RUBRIK

CompanyLeadershipInvestor RelationsNewsroom & Press ReleasesCareersBlog

NEW TO RUBRIK

Why RubrikProductsSolutionsPartnersCustomersResources

POPULAR LINKS

Cyber RecoveryBackup & RecoveryRansomware Recovery Cloud Disaster RecoveryCloud Database Backup and Recovery ServiceSaaS Backups

CompanyLeadershipInvestor RelationsNewsroom & Press ReleasesCareersBlog
Why RubrikProductsSolutionsPartnersCustomersResources
Cyber RecoveryBackup & RecoveryRansomware Recovery Cloud Disaster RecoveryCloud Database Backup and Recovery ServiceSaaS Backups

CompanyLeadershipInvestor RelationsNewsroom & Press ReleasesCareersBlog
Why RubrikProductsSolutionsPartnersCustomersResources
Cyber RecoveryBackup & RecoveryRansomware Recovery Cloud Disaster RecoveryCloud Database Backup and Recovery ServiceSaaS Backups
  • Cookie Policy
  • Legal
  • Privacy Policy
  • Terms of Use
  • Trust
  • CA Residents only: Do not sell or share my personal information | Do not share my sensitive information

© 2026 Rubrik – Zero Trust Data Security™

Technical Blog Hub

Retrieving Snapshot History from Rubrik Security Cloud with rkGetSnapshots()

TutorialAPI-First Automation
JUL 14, 20265 min read
TutorialAPI-First Automation
JUL 14, 20265 min read
Finding Unprotected Workloads in Rubrik Security Cloud with rkGetProtectionStatus()
Share
Background
Technical Blog Hub

Retrieving Snapshot History from Rubrik Security Cloud with rkGetSnapshots()

TutorialAPI-First Automation
JUL 14, 20265 min read
TutorialAPI-First Automation
JUL 14, 20265 min read
Finding Unprotected Workloads in Rubrik Security Cloud with rkGetProtectionStatus()
Share

Table of Contents

Introduction

In Week 7, we built rkGetProtectionStatus() to retrieve protection and compliance state per workload.

In Week 6, we built rkGetSnapshotCount() to retrieve snapshot statistics across VMware VMs and filesets.

In Week 5, we extended rkGetSLAs() with cursor-based pagination and retention normalisation.

Up until now, the framework has been asking: "Should this workload be protected?"

Starting this week, we ask a harder question: "Can we prove that protection is actually happening?"

The answer lies in backup history. Every successful protection operation produces snapshots, making snapshot history the most reliable evidence that backups are occurring on schedule. A workload can have a valid SLA assignment, show PROTECTED status, and still have gaps in its recovery points due to backup failures or configuration drift.

This week we introduce:

rkGetSnapshots()

A reusable helper that retrieves individual recovery points for any protected workload directly from RSC.

Why Snapshot History Is Operational Truth

SLA assignments describe intended protection. Snapshots record what actually happened.

These are not the same thing. A workload may have a perfectly configured SLA, report as compliant, and still experience backup failures or unexpected gaps in recovery points. Protection status tells you what Rubrik thinks. Snapshot history tells you what Rubrik did.

This is the information administrators reach for during audits, incident response, and routine health checks:

  • When was the last successful backup?
  • How many recovery points are available right now?
  • Are backups being created at the expected frequency?
  • How long are snapshots being retained?

None of these questions are answerable from protection status alone.

 

Practitioner Tip

"One of the most common questions during backup audits is surprisingly simple: 'Show me the last successful backup.' I've seen administrators manually browse snapshot history to answer this during customer engagements. Automating that process not only saves time, it provides consistent, repeatable evidence during health checks and recovery readiness reviews. Once snapshot history is available programmatically, backup validation stops being a manual exercise."

Understanding Snapshots in RSC

In Rubrik Security Cloud, each successful protection operation produces one or more snapshots. A snapshot is a point-in-time recovery image of a protected workload: the actual artifact used for recovery, Live Mount, or export.

Each snapshot carries:

  • Snapshot ID
  • Creation timestamp
  • Expiration timestamp

Depending on workload type, additional metadata may be available. For our purposes, these three fields are sufficient to build backup validation, compliance reporting, and gap analysis workflows.

The RSC GraphQL API exposes snapshot history through snapshotOfASnappableConnection. The query accepts a workloadId and returns a paginated list of snapshots sorted by date.

Designing rkGetSnapshots()

The helper is designed to a simple contract:                  

function rkGetSnapshots(
    string $workloadId,
    int $maxSnapshots = 100
): array          

One call returns a normalized snapshot array for any supported workload type. Authentication, query construction, and pagination are handled internally.

Example usage:          

$snapshots = rkGetSnapshots($workloadId);

foreach ($snapshots as $snapshot)
{
    printf(
        "%s (%s)\n",
        $snapshot['date'],
        $snapshot['expirationDate']
    );
}         

Like the previous helpers in the framework, rkGetSnapshots() hides GraphQL complexity behind a clean PHP interface. Future functions can retrieve full snapshot history with a single call.

Building the GraphQL Query

Inside the helper, the query is parameterized: 

$query = '
query SnapshotHistory(
    $workloadId: String!,
    $first: Int!,
    $after: String
)
{
    snapshotOfASnappableConnection(
        workloadId: $workloadId,
        first: $first,
        after: $after,
        sortOrder: DESC
    )
    {
        count

        nodes
        {
            id
            date
            expirationDate
        }

        pageInfo
        {
            hasNextPage
            endCursor
        }
    }
}';     

A few things worth noting:

  • sortOrder: DESC returns the most recent snapshots first, which is the order most operational workflows need.
  • count gives you the total number of available recovery points without having to count the returned nodes yourself.
  • We request only the fields we need. GraphQL performs field selection server-side. There is no benefit to fetching a large payload and filtering in PHP afterward. For a single workload this is a minor point. Across hundreds of workloads in a reporting loop, it becomes meaningful.
 

Practitioner Tip

"Validate this query in the RSC GraphQL Playground before writing PHP against it. Pass a real workloadId from your environment and confirm the response shape. The fid values returned by rkGetProtectionStatus() are the correct input here."

Handling Pagination

By now, pagination should feel familiar. The process is identical to the SLA and Snappable examples from previous weeks:

do
{
    $result = rkGraphQLQuery(
        $query,
        $variables
    );

    // Process snapshots

    $hasNextPage = $pageInfo['hasNextPage'];

}
while ($hasNextPage); 

This allows the helper to retrieve complete snapshot history regardless of the number of recovery points.

Normalizing the Output

The helper returns a clean PHP array:

[
    [
        'id'             => 'Snapshot:12345',
        'date'           => '2025-11-20T02:00:00Z',
        'expirationDate' => '2025-12-20T02:00:00Z'
    ],
    [
        'id'             => 'Snapshot:12346',
        'date'           => '2025-11-21T02:00:00Z',
        'expirationDate' => '2025-12-21T02:00:00Z'
    ]
]

By abstracting the raw GraphQL response into a consistent structure, future helpers do not need to understand the underlying schema. They consume normalized snapshot objects, keeping the framework maintainable as it grows.

This structure is immediately reusable for backup health validation, compliance reporting, gap analysis, and operational dashboards.

Example Output

A simple CLI test produces:

Workload: PROD-SQL01

Snapshots Found: 14

2025-11-21 02:00 UTC
2025-11-20 02:00 UTC
2025-11-19 02:00 UTC
2025-11-18 02:00 UTC
2025-11-17 02:00 UTC
[...]

Immediate visibility into actual recovery points, not configuration metadata.

What This Week Really Delivers

This helper marks the point where the framework moves beyond inventory and configuration data into operational backup intelligence.

Until now, the framework has been collecting information about workloads. From this point forward, it will begin evaluating how well those workloads are actually being protected.

Commit of the Week

/core/rkGetSnapshots.php

What's Next

Having snapshot history is useful. Having to manually inspect it is not.

In Week 9, we transform raw snapshot records into backup health indicators. Rather than returning a list of timestamps, the framework will begin evaluating that list: identifying the most recent backup, flagging workloads with no activity in the last 24 or 48 hours, detecting gaps in expected backup frequency, and surfacing workloads that need attention before they become recovery problems.

This is where the framework moves from data collection into automated backup health assessment.

Contributed by

Frederic Lhoest
Frederic Lhoest

Senior Technology Architect, PCCW Global

Frederic is an automation expert and veteran architect with over 25 years of experience in streamlining data center operations and seamless workflows. He is a VMware and Nutanix AHV expert, with a proven track record of turning complex operational obstacles into efficient, automated systems. Beyond his technical role, he is a prominent speaker and leader in the Rubrik practitioner community, dedicated to fostering collaborative environments where real-world challenges meet innovative solutions.
Mike Preston
Mike Preston

Staff Technical Marketing Manager, Rubrik

Mike Preston is a Staff Technical Marketing Architect at Rubrik, leading the charge in all things Cloud and Automation. With an education focused on software engineering and over 25 years of IT operations experience, Mike strives to bridge the gap between development and operations — automating processes and streamlining workflows. He is the Toronto VMUG leader, author of Troubleshooting vSphere Storage, and an overall believer in sharing the knowledge!

Related Blogs

View all Posts
Talking to Rubrik Security Cloud: PHP Authentication with rkRscGetToken
Tutorial
MAY 13, 2026

Talking to Rubrik Security Cloud: PHP Authentication with rkRscGetToken

Learn how to build a secure, production-ready PHP authentication helper for Rubrik Security Cloud using OAuth2, token caching, and environment variables.

6 min read

Frederic Lhoest

Frederic Lhoest

Senior Technology Architect

PCCW Global

Your First GraphQL Query in Rubrik Security Cloud (From Token to Data)
Tutorial
MAY 29, 2026

Your First GraphQL Query in Rubrik Security Cloud (From Token to Data)

Learn to execute your first GraphQL query in Rubrik Security Cloud using PHP. Master token authentication, cURL validation, and parsing responses beyond HTTP 200.

5 min read

Frederic Lhoest

Frederic Lhoest

Senior Technology Architect

PCCW Global

Scaling rkGetSLAs() with Pagination, Retention, and Production-Ready SLA Data
Tutorial
JUN 10, 2026

Scaling rkGetSLAs() with Pagination, Retention, and Production-Ready SLA Data

Learn how to scale rkGetSLAs() using cursor-based pagination and normalize Rubrik SLA Domain retention data for production-ready automation and compliance reporting.

4 min read

Frederic Lhoest

Frederic Lhoest

Senior Technology Architect

PCCW Global

View all Posts

Share Your Insights

Have an interesting story or technical findings to share? Reach out to create a blog with us.

Learning & Certifications

Access free and instructor-led training and certification paths to master Rubrik products and maximise your data security expertise.

Explore coursesNext
Background

Share Your Insights

Have an interesting story or technical findings to share? Reach out to create a blog with us.

Learning & Certifications

Access free and instructor-led training and certification paths to master Rubrik products and maximise your data security expertise.

Explore coursesNext