Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Deduplication Guide
  3. Configuring deduplication
  4. About MSDP fingerprinting
  5. About the last backups of clients
  6. About Rule format
NetBackup™ Deduplication Guide

About Rule format

The rules are managed in a JSON format as with the following example.

{
    "defaults": {
        "full_image_search_depth": 1000,
        "affinity_time_gap_sec": 600,
        "affinity_size_gap_ratio": 0.1,
        "diversity_scale": 2,
        "max_imagecluster_candidates_no_source_size": 14,
        "max_imagecluster_candidates_with_source_size": 2,
        "max_incremental_images": 20
    },
    "source_list": [
        {
            "path": "SAMPLE_DSID/SAMPLE_CLIENT/SAMPLE_POLICY",
            "params": {}
        }
    ]
}

The configuration consists of two main sections defaults and source_list.

The defaults section defines the default values that apply to all rules unless overridden.

Table: The default parameters

Parameter

Default

Limits

Description

full_image_search_depth

1000

1 - 1000

Specifies how far back to search for full backup images.

affinity_time_gap_sec

600

60 - 43200

Maximum time gap (in seconds) for grouping backups into the same time cluster.

affinity_size_gap_ratio

0.1

0.01 - 10.0

Determines the acceptable size variation when source size is known, or diversity when unknown.

diversity_scale

2

0 - 30

Limits the number of distinct size clusters when source size is unknown.

max_imagecluster_candidates _no_source_size

14

1 - 30

Maximum candidate clusters when source size is unknown.

max_imagecluster_candidates _with_source_size

2

1 - 30

Maximum candidate clusters when source size is known.

max_incremental_images

20

0 - 100

Maximum number of the incremental images that are included after the selected full backup.

The source_list section defines the data sources to which dynamic last image rules apply. Each entry specifies a data source and, optionally, parameter overrides that differ from the default values.

The following table lists the fields that are included in each source_list entry.

Table: The source_list fields

Field

Description

path

Defines the data source to which the current rule applies, in the format DSID/Client/Policy.

  • Use exactly two slashes to separate the three segments. For example, 2/MyClient/MyPolicy, 3/*/MyPolicy.

  • You can use * in any segment to represent all values. For example, */ */MyPolicy.

    Wildcards must be entire segments; partial patterns (such as MyPolicy*) are not supported.

  • Entries with invalid paths are ignored. For example, missing a slash.

    Check the logs if a rule does not apply.

Params (optional)

Same parameter names as in defaults. If present, they override the defaults only for this path. Omit any parameter you do not want to override.

Note:

If there are no deduplication efficiency issues, configuring dynamic rules is not required. Avoid creating a large number of rules, as excessive configuration may result in server-side request rejections.

When a dynamic last image rule is applied for a client, the following message is logged in the spad session log for the action=getlastimage request:

Got dynamic last images for DSID/Client/Policy

If the spad trace log is enabled, additional details are logged, including information about the selected full and incremental images.

Feedback

Was this page helpful?
Previous

About dynamic last images

Next

About seeding the MSDP fingerprint cache for remote client deduplication

Feedback

Was this page helpful?