Elastic OpenID Keyclock failed cannot find realm

Unfortunately, I / we are not experts on Keycloak portion

did you try setting the realm name in keycloak to oidc1 as it is defined in elasticsearch.yml perhaps they need to be consistent

You can up the logging with

 PUT /_cluster/settings
 {
   "transient": {
     "logger.org.elasticsearch.xpack.security.authc.oidc": "trace"
   }
 }

There is also some advice here

Post some of the additional logs and perhaps we can help.

I also notice that you elasticsearch.yml definitions do not follow the same patterns as in our example...

xpack.security.authc.realms.oidc.oidc1:
  order: 2
  rp.client_id: "the_client_id"
  rp.response_type: code
  rp.redirect_uri: "https://kibana.example.org:5601/api/security/oidc/callback"
  op.issuer: "https://op.example.org"
  op.authorization_endpoint: "https://op.example.org/oauth2/v1/authorize"
  op.token_endpoint: "https://op.example.org/oauth2/v1/token"
  op.jwkset_path: oidc/jwkset.json
  op.userinfo_endpoint: "https://op.example.org/oauth2/v1/userinfo"
  op.endsession_endpoint: "https://op.example.org/oauth2/v1/logout"
  rp.post_logout_redirect_uri: "https://kibana.example.org:5601/security/logged_out"
  claims.principal: sub
  claims.groups: "http://example.info/claims/groups"`

I am not an expert on that portion but what you have does not seem to follow the patterns but perhaps you are more of the expert

Example from here