//lcawley Verified example output 2017-04-11
[[ml-put-datafeed]]
==== Create Data Feeds

The create data feed API enables you to instantiate a data feed.


===== Request

`PUT _xpack/ml/datafeeds/<feed_id>`


===== Description

You must create a job before you create a data feed.  You can associate only one
data feed to each job.


===== Path Parameters

`feed_id` (required)::
  (string) A numerical character string that uniquely identifies the data feed.


===== Request Body

`aggregations`::
  (object) If set, the data feed performs aggregation searches.
  For more information, see <<ml-datafeed-resource>>.

`chunking_config`::
  (object) Specifies how data searches are split into time chunks.
  See <<ml-datafeed-chunking-config>>.

`frequency`::
  (time units) The interval at which scheduled queries are made while the data
  feed runs in real time. The default value is either the bucket span for short
  bucket spans, or, for longer bucket spans, a sensible fraction of the bucket
  span. For example: "150s".

`indexes` (required)::
  (array) An array of index names. For example: ["it_ops_metrics"].

`job_id` (required)::
 (string) A numerical character string that uniquely identifies the job.

`query`::
  (object) The {es} query domain-specific language (DSL). This value
  corresponds to the query object in an {es} search POST body. All the
  options that are supported by {Es} can be used, as this object is
  passed verbatim to {es}. By default, this property has the following
  value: `{"match_all": {"boost": 1}}`.

`query_delay`::
  (time units) The number of seconds behind real time that data is queried. For
  example, if data from 10:04 a.m. might not be searchable in {es} until
  10:06 a.m., set this property to 120 seconds. The default value is `60s`.

`scroll_size`::
  (unsigned integer) The `size` parameter that is used in {es} searches.
  The default value is `1000`.

`types` (required)::
  (array) A list of types to search for within the specified indices.
  For example: ["network","sql","kpi"].

For more information about these properties,
see <<ml-datafeed-resource, Data Feed Resources>>.


===== Authorization

You must have `manage_ml`, or `manage` cluster privileges to use this API.
For more information, see <<privileges-list-cluster>>.

===== Examples

The following example creates the `datafeed-it-ops-kpi` data feed:

[source,js]
--------------------------------------------------
PUT _xpack/ml/datafeeds/datafeed-it-ops-kpi
{
  "job_id": "it-ops-kpi",
  "indexes": ["it_ops_metrics"],
  "types": ["kpi","network","sql"],
  "query": {
    "match_all": {
          "boost": 1
    }
  }
}
--------------------------------------------------
// CONSOLE
// TEST[skip:todo]

When the data feed is created, you receive the following results:
[source,js]
----
{
  "datafeed_id": "datafeed-it-ops-kpi",
  "job_id": "it-ops-kpi",
  "query_delay": "1m",
  "indexes": [
    "it_ops_metrics"
  ],
  "types": [
    "kpi",
    "network",
    "sql"
  ],
  "query": {
    "match_all": {
      "boost": 1
    }
  },
  "scroll_size": 1000,
  "chunking_config": {
    "mode": "auto"
  }
}
----