The following Splunk Search (query) is for Qualys and will show vulnerability count for Windows Hosts. This query assumes that your index is defined as qualys.
index=qualys HOSTVULN SEVERITY=3 OR 4 OR 5 TYPE="CONFIRMED" earliest=-30d@d | dedup HOST_ID, QID | search STATUS!="FIXED" | join QID [ search index=qualys QID_INFO PATCHABLE=1] | join HOST_ID [ search index=qualys HOSTSUMMARY: OS="Windows*" NOT "Windows Server*" | where cidrmatch("10.128.0.0/9", IP) ] | stats count(QID) as #_Vulns by OS | sort -#_Vulns | addcoltotals #_Vulns
* DISCLOSURE* – I did not create this query. That credit goes to Jeff Leggett.