The following Splunk Search (query) is for Qualys and will show vulnerability count for Windows Hosts. This query assumes that your index is defined as qualys.
index=qualys HOSTVULN SEVERITY=3 OR 4 OR 5 TYPE="CONFIRMED" earliest=-30d@d | dedup HOST_ID, QID | search STATUS!="FIXED" |join QID | join HOST_ID | stats count(QID) as #_Vulns by OS | sort -#_Vulns | addcoltotals #_Vulns
* DISCLOSURE* – I did not create this query. That credit goes to Jeff Leggett.