New Vulnerabilities Detected Since Last Scan - Qualys

As the title suggests this Splunk Search will dedup results so you can better see changes in Vulnerability detection scan to scan within the Qualys Sourcetype:

eventtype="qualys_vm_detection_event" | dedup QID |stats count by SEVERITY

I take no credit for this. These queries were discovered on Tarun Kumar's blog.