I have a single user that is being affected by a strange issue where they are able to search, however the event table returns no content:

If this user submits a search the URL appears to be malformed:

https://splunkinstance.site:8000/en-US/app/search/search?dispatch.sample_ratio=1&display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22callerIpAddress%22%2C%22category%22%2C%22tag%22%2C%22tag%3A%3Aeventtype%22%2C%22ms_Mcs_AdmPwd%22%2C%22user_login%22%2C%22user_caps%22%2C%22object_type%22%2C%22object_name%22%2C%22hist_ip%22%2C%22signature%22%2C%22error%22%2C%22sender%22%2C%22mail%22%5D&display.events.list.wrap=1&display.events.maxLines=5&display.events.rowNumbers=0&display.events.table.wrap=1&display.events.type=list&display.general.type=events&display.page.search.mode=verbose&display.page.search.tab=events&display.prefs.events.count=10&workload_pool=&q=search%20index%3Dweb&earliest=-15m&latest=now&sid=1620911471.38537_9F0273CD-B076-4A00-B73C-8A9CFED6A82A

While if I issue the same search my URL:

https://splunkinstance.site:8000/en-US/app/search/
search?earliest=-15m&latest=now&q=search%20index%3Dweb&display.page.search.mode=verbose&dispatch.sample_ratio=1&workload_pool=&sid=1620911758.72975_80C75F5F-836C-4502-ADC6-6F26EF89DE77

The users GET requests appear to be recalling an extensive field list even when a single index is searched:

index=web | fields index

I've confirmed the issue with the user in different browsers, as well as that the user has correct permissions.