The following Splunk Search (query) is for Qualys and will show the top 10 vulnerabilities by severity as well as a Count of Devices.

sourcetype=qualys_vm_detection HOSTVULN SEVERITY=3 OR 4 OR 5 TYPE="CONFIRMED" earliest=-30d@d| dedup HOST_ID, QID | search STATUS!="FIXED" | join QID [ search sourcetype=qualys_knowledgebase PATCHABLE=1 ]   | eval Published=strftime(strptime(PUBLISHED_DATETIME, "%Y-%m-%d"), "%m/%d/%Y") | join HOST_ID [ search sourcetype=qualys_vm_detection HOSTSUMMARY OS="Windows*" NOT "Windows Server*" | where cidrmatch("10.128.0.0/9", IP)  ]  |  stats count(HOST_ID) as #_Hosts by QID, Published, TITLE, SEVERITY | sort  -SEVERITY, 10 -#_Hosts

* DISCLOSURE* – I did not create this query. That credit goes to Jeff Leggett.