7.1.2 is also working again for me.

Yes, the problem is with 7.1.0 and 7.1.1 not with 7.0.X.

I wonder why there is no quick fix yet because the 7.1.0 and 7.1.1 are completely unusable (at least for me).

Its not an issue with a seldom used feature but with ALL searches (with many events) as described above.
Still hoping for a solution.....

I don't do fixes, I just summarized that this behavior has been noticed multiple times and that $SplunkPeople have confirmed that this shouldn't happen. I don't know any details about a fix, sorry.

Version 7.0.3 did also not show the problem. May be it has to do with the usermanagement extensions, they implemented in 7.1

So this happens also with a fresh install using the Enterprise trial license?
Not good.
It probably should become a highlighted issue.

trial converted in dev for my case.
But my old free licence is recreated during the instal. I don't know where is the information that I need to erase to do a real fresh start on Ubuntu.

Mine is also not connected to the internet. Should not matter.

I have the same hash as you.

I've tested a similar quota configuration before, retested yours now and got no success.

I think it is a very severe issue. Searches with many events simply deliver incorrect results regardless of quotas or timerange settings!

I don't have much helpful to add, other than to confirm this issue is present in one of my environments too.

Log shows (trimmed):

05-14-2018 16:46:39.773 INFO SearchStatusEnforcer - sid:rt_1526334389.764 Search finalized.
05-14-2018 16:46:39.773 INFO SearchStatusEnforcer - sid:rt_1526334389.764 Search auto-finalized after disk usage limit (0MB) reached.
05-14-2018 16:46:39.773 INFO SearchStatusEnforcer - State changed to FINALIZING due to: Search auto-finalized after disk usage limit (0MB) reached.
05-14-2018 16:46:41.917 INFO DispatchManager - DispatchManager::dispatchHasFinished(id='rt_1526334389.764', username='admin')