Hey folks,
We’re working with Graylog to log all information from our video games, as part of that, we’ve encountered situations where we want to store arrays of a variable length in graylog.
For example, two users may begin a trade where User 1 trades items A, B and C for items D and E, ideally, we’d just store sender_offer: A, B,C, recipient_offer: D, E, but after doing some research we understand GELF does not accept lists.
The way we see it, we could store a comma separated string for each value, for example, sender: “A, B, C” recipient: “D, E”, but then this is quite hard to query (we’d have to use wildcards all over), alternatively, we could assign a field per value, for example sender_0: A sender_1: B, sender_2: C recipient_0: D recipient_1:E, but this is also hard to query, especially for a specific item (sender_0 is item or sender_1 is item or …)
Is there a better way or is one of these approaches preferred?
Thanks!