In my tests, instant pivot doesn't give you those benefits. When I open in search, it actually reverts to a stats command, which doesn't leverage any of the caching of pivot. But pivot on an accelerated data model would definitely give a lot of this benefit -- check out my .conf preso from last year for an example of how to do that: http://conf.splunk.com/sessions/2014/conf2014_DavidVeuve_Splunk_UsingTrack_SecurityNinjutsu.pdf

Bummer; now I have absolutely no reason to try instant-pivot. Why in the world would they not implement it with any caching?!?!?!?!

Well, a lot of the goal of instant pivot is to give you an easy onramp to using pivot. Once you save the data model, you'll have a formal data model that does the caching, can be accelerated, etc. Instant Pivot allows uers who might not normally play with pivot, to onramp to creating data models easily.

You can also use loadjob without a scheduled search. If you run your base search, you will get a search id (you can grab it from the URL or search inspector). You can reference that search id in loadjob, which I've done a bunch of times. You can even click the Share (or Send Job to Background) buttons in your original search, which will up the TTL of your search to 7 days. That means you can continue to manipulate those results over a period of many days.

Keep in mind that it usually makes sense to grab the first level of base statistics with your original search (rather than the raw events) so that you can make the amount of data being written to, and read off disk on the search head manageable -- it will speed up your loadjob if it doesn't have to read 4 GB of search results in order to do your processing.

Thanks for pointing that out! But for a manner of simplicity, the scheduled saved search and using its name with loadjob would be easier in a dashboard.