Running Elasticsearch 8.2.3 and heartbeat 8.2
We've installed heartbeat on a server(manual install) which is polling multiple hosts every 30 seconds and sending the data to Elasticsearch, this data comes in at a steady pace.
After this, we've created an alerting rule that checks every minute if in the last 180 seconds a monitor was down for 3 or more documents.
When adding a non-existing host to our heartbeat, the host correctly is detected as "down" by the alert but occasionally changes to "recovered" and then goes "down" again immediately.
Is there a configuration change I can do so it doesn't recover when it shouldn't?