Audit log configuration not applying

Versions (relevant - OpenSearch):


Describe the issue:

When applying audit log settings they do not take effect. See screenshot of the configuration not being applied. Its also worth pointing out i removed the ignore_users setting as it was throwing an error.
  - kibanaserver
  - filebeat

The work around is to use the UI to configure however this is not efficient for us as its an additional step following installation and every time we re-apply our code for configuration updates the configuration gets removed and requires re-applying via the UI.

Any help would be really appreciated to get this fixed.

Configuration: "security-auditlog-'YYYY.MM.dd'" internal_opensearch false false true true true true NONE NONE

Relevant Logs or Screenshots:

@jamie.stewart I did some testing with just I’ve set it to false and tried to disable audit logging at REST.

It didn’t work in 2.7, 1.0.0 and OpenDistro 1.13.2. 1.9.0 (opendistro_security.audit.enable_rest). It looks like this never worked.
I was able to disable auditing REST with UI only.

There is already a bug reported in the OpenSearch Security plugin.

Thanks for the info.