How to keep /api/users endpoint off limits, but still allow filtering content by user?

The ‘user’ (created_by or updated_by) is not populated by default, but you can turn that on by adding a field to the schema.json for a given collection (Populate and Select | Strapi Documentation). I haven’t had to update the collection’s controller as the above documentation suggests, but since the User is a relation, I did need to request population of relations in the API request (see ‘Population’, further up on the same page). I used populate=* but you could request just the user relation.

Once you have the fields populated, you can also use them for querying (Filters, Locale, and Publication State | Strapi Documentation).

Be aware that the above exposes user names on the API … You should leave authentication turned on for any content type where you allow user details to be populated.
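
Added example, not part of the original post and not Strapi's own code: it builds a request that populates only the user relation with a single field instead of `populate=*`, filters by that user, and checks a response body for keys that should not be public. The collection `articles`, the relation name `createdBy`, the field `firstname`, the host, and the denylist are assumptions.

```javascript
// Added example. Assumptions: a collection served at /api/articles whose
// schema.json sets options.populateCreatorFields to true, a creator relation
// named createdBy, and a firstname field on it.

// Serialize a nested object into bracket-style query parameters,
// e.g. filters[createdBy][id][$eq]=7. Only values are percent-encoded.
function toQuery(obj, prefix = "") {
  return Object.entries(obj).flatMap(([key, value]) => {
    const name = prefix ? `${prefix}[${key}]` : key;
    return value !== null && typeof value === "object"
      ? toQuery(value, name)
      : [`${name}=${encodeURIComponent(value)}`];
  });
}

// Request one relation and one field instead of populate=*, then filter on it.
function buildUserFilteredUrl(base, collection, userId) {
  const id = Number(userId);
  if (!Number.isInteger(id) || id < 1) {
    throw new TypeError("userId must be a positive integer");
  }
  const query = {
    populate: { createdBy: { fields: ["firstname"] } },
    filters: { createdBy: { id: { $eq: id } } },
  };
  return `${base}/api/${encodeURIComponent(collection)}?${toQuery(query).join("&")}`;
}

// Walk any JSON body and return the paths of keys that should not be public.
const SENSITIVE = new Set(["email", "password", "resetPasswordToken"]); // assumed denylist
function findSensitiveKeys(node, path = "$") {
  if (node === null || typeof node !== "object") return [];
  return Object.entries(node).flatMap(([key, value]) => [
    ...(SENSITIVE.has(key) ? [`${path}.${key}`] : []),
    ...findSensitiveKeys(value, `${path}.${key}`),
  ]);
}

// Constructed response bodies (not captured from a real server).
const narrow = { data: [{ id: 1, attributes: { createdBy: { id: 7, firstname: "Ana" } } }] };
const wide = { data: [{ id: 1, attributes: { createdBy: { id: 7, email: "ana@example.test" } } }] };

console.log(buildUserFilteredUrl("https://cms.example.test", "articles", 7));
console.log(findSensitiveKeys(narrow), findSensitiveKeys(wide));
```

Running `findSensitiveKeys` against real responses from an unauthenticated client is a quick way to confirm that turning on population did not expose more of the user record than intended.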