Users occasionally write in to say that there is a commit from the incorrect or an unknown user or email.
It is part of Support's responsibility to determine whether this is due to a misconfiguration (which is common) or a true security incident.
For more information on using Kibana in general, please see 500 errors workflow.
To find the user who made the commit:
json.meta.project.insertId and the SHA under json.args.json.meta.user indicates the GitLab username that pushed the commit.If logs are unavailable in Kibana (older than 7 days), try searching the project's activity page for the SHA. If that doesn't work, post in Slack #security for assistance.
Based on the search results, check to see if the user is authorized to have access to the project.
If yes, then respond to customer clarifying which user made the commit and for the user to double check their gitconfig name and email address.
If not, then open a a secops issue for further investigation.