diff --git a/packages/forgerock/changelog.yml b/packages/forgerock/changelog.yml
index dbc361ee581..1b85fb18720 100644
--- a/packages/forgerock/changelog.yml
+++ b/packages/forgerock/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.21.1"
+ changes:
+ - description: Map the duration `forgerock.response.elapsedTime` as a long not a date.
+ type: bugfix
+ link: https://github.com/elastic/integrations/pull/13959
 - version: "1.21.0"
 changes:
 - description: Update Kibana constraint to support 9.0.0.
diff --git a/packages/forgerock/data_stream/am_access/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/am_access/elasticsearch/ingest_pipeline/default.yml
index 33994afa12d..c4d04df5137 100644
--- a/packages/forgerock/data_stream/am_access/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/forgerock/data_stream/am_access/elasticsearch/ingest_pipeline/default.yml
@@ -95,9 +95,12 @@ processors:
 ignore_failure: true
 - convert:
 field: forgerock.response.elapsedTime
- target_field: event.duration
 type: long
 ignore_failure: true
+ - set:
+ field: event.duration
+ copy_from: forgerock.response.elapsedTime
+ ignore_empty_value: true
 - script:
 lang: painless
 if: ctx.event?.duration != null && ctx.forgerock?.response?.elapsedTimeUnits == 'MILLISECONDS'
diff --git a/packages/forgerock/data_stream/am_access/fields/forgerock-fields.yml b/packages/forgerock/data_stream/am_access/fields/forgerock-fields.yml
index 2eae6ba27c6..1921a75a851 100644
--- a/packages/forgerock/data_stream/am_access/fields/forgerock-fields.yml
+++ b/packages/forgerock/data_stream/am_access/fields/forgerock-fields.yml
@@ -66,7 +66,7 @@
 type: keyword
 description: The responses's username.
 - name: forgerock.response.elapsedTime
- type: date
+ type: long
 description: Time to execute event.
 - name: forgerock.response.elapsedTimeUnits
 type: keyword
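Review bot: In am_access/elasticsearch/ingest_pipeline/default.yml the new `set` copies `forgerock.response.elapsedTime` into `event.duration` whether or not the preceding `convert` succeeded, because that `convert` still carries `ignore_failure: true`. Before this change a failed conversion left `event.duration` unset, so the `script` condition skipped it; now a non-numeric value is copied through, and the script that follows (its body is outside the hunk) or the `long` mapping may reject the document, which on an audit-log stream means a lost event. Guarding the copy with `if: ctx.forgerock?.response?.elapsedTime instanceof Number` on the `set` would keep the earlier behaviour. The idm_access pipeline hunk has the same pattern.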
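Review bot: With `forgerock.response.elapsedTime` now typed `long` in am_access/fields/forgerock-fields.yml, the description `Time to execute event.` no longer tells a reader what the number means. I would write `description: Time to execute the event, in the unit given by forgerock.response.elapsedTimeUnits.`; the idm_access fields hunk carries the same description. Backing indices created before the upgrade presumably keep the `date` mapping until rollover, so queries and detection rules on this field that span both may see a type conflict, which seems worth a line in the changelog entry.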
diff --git a/packages/forgerock/data_stream/idm_access/elasticsearch/ingest_pipeline/default.yml b/packages/forgerock/data_stream/idm_access/elasticsearch/ingest_pipeline/default.yml
index bab1917bfc1..f48ec70aa8f 100644
--- a/packages/forgerock/data_stream/idm_access/elasticsearch/ingest_pipeline/default.yml
+++ b/packages/forgerock/data_stream/idm_access/elasticsearch/ingest_pipeline/default.yml
@@ -87,9 +87,12 @@ processors:
 ignore_failure: true
 - convert:
 field: forgerock.response.elapsedTime
- target_field: event.duration
 type: long
 ignore_failure: true
+ - set:
+ field: event.duration
+ copy_from: forgerock.response.elapsedTime
+ ignore_empty_value: true
 - script:
 lang: painless
 if: ctx.event?.duration != null && ctx.forgerock?.response?.elapsedTimeUnits == 'MILLISECONDS'
diff --git a/packages/forgerock/data_stream/idm_access/fields/forgerock-fields.yml b/packages/forgerock/data_stream/idm_access/fields/forgerock-fields.yml
index d524180227f..eb54d3d16d2 100644
--- a/packages/forgerock/data_stream/idm_access/fields/forgerock-fields.yml
+++ b/packages/forgerock/data_stream/idm_access/fields/forgerock-fields.yml
@@ -20,7 +20,7 @@
 type: keyword
 description: The protocol associated with the request; REST or PLL.
 - name: forgerock.response.elapsedTime
- type: date
+ type: long
 description: Time to execute event.
 - name: forgerock.response.elapsedTimeUnits
 type: keyword
diff --git a/packages/forgerock/docs/README.md b/packages/forgerock/docs/README.md
index ff92350398c..2cbf8945519 100644
--- a/packages/forgerock/docs/README.md
+++ b/packages/forgerock/docs/README.md
@@ -120,7 +120,7 @@ An example event for `am_access` looks as following:
 | forgerock.response.detail.scope | The responses's scope. | keyword |
 | forgerock.response.detail.token_type | The responses's token type. | keyword |
 | forgerock.response.detail.username | The responses's username. | keyword |
-| forgerock.response.elapsedTime | Time to execute event. | date |
+| forgerock.response.elapsedTime | Time to execute event. | long |
 | forgerock.response.elapsedTimeUnits | Units for response time. | keyword |
 | forgerock.response.status | Status indicator, usually SUCCESS/SUCCESSFUL or FAIL/FAILED. | keyword |
 | forgerock.roles | IDM roles associated with the request. | keyword |
@@ -618,7 +618,7 @@ An example event for `idm_access` looks as following:
 | forgerock.level | The log level. | keyword |
 | forgerock.request.operation | The request operation. | keyword |
 | forgerock.request.protocol | The protocol associated with the request; REST or PLL. | keyword |
-| forgerock.response.elapsedTime | Time to execute event. | date |
+| forgerock.response.elapsedTime | Time to execute event. | long |
 | forgerock.response.elapsedTimeUnits | Units for response time. | keyword |
 | forgerock.response.status | Status indicator, usually SUCCESS/SUCCESSFUL or FAIL/FAILED. | keyword |
 | forgerock.roles | IDM roles associated with the request. | keyword |
diff --git a/packages/forgerock/manifest.yml b/packages/forgerock/manifest.yml
index e9276819543..f910c0f57bb 100644
--- a/packages/forgerock/manifest.yml
+++ b/packages/forgerock/manifest.yml
@@ -1,6 +1,6 @@
 name: forgerock
 title: "ForgeRock"
-version: "1.21.0"
+version: "1.21.1"
 description: Collect audit logs from ForgeRock with Elastic Agent.
 type: integration
 format_version: "3.0.2"