Are you using a distributed environment? If so, which admin to which component of Splunk cannot return the results? This will make a difference. At first glance, I would say this is a permissions issue if one user can access the data and another can't, it would also be useful to see your full search query and to make sure you are running the searches from the same app in Splunk, just in case you're relying on any app specific commands/lookups.
To see which users have access to which indexes you will need to run the below as an admin on the searchead, I would also run it as the user who can see the data,
| rest /services/authentication/users | rename title AS username roles AS role | mvexpand role | fields realname username role | join type=outer role [ rest /services/authorization/roles | rename title AS role | eval indexes=mvjoin(srchIndexesAllowed," ; ") | fields role indexes] | table username role indexes
This will gives you a list of permissions. let me know how you get on.
... View more