I am trying to put together a search that shows all of my vulnerabilities in Qualys for all of my servers that are being scanned. I want to be able to show vulnerability increase or decrease from the scan that runs every week. I have put together the following search that shows me the amount of vulnerabilities that were fixed during the last patching window and scan cycle but I think I am making the end goal way more complicated than it should be. Thanks for any help anyone can provide!
index=qualys IP=* STATUS=FIXED
| convert mktime(LAST_FIXED_DATETIME) timeformat=%Y-%m-%dT%H:%M:%S%Z
| eval lfd=round(relative_time(now(), "-7d@d"))
| where LAST_FIXED_DATETIME >= lfd
| eval isitfixed=if(STATUS="FIXED","yes","no")
| streamstats count(eval(isitfixed="yes")) as Fixed
| timechart last(Fixed) AS Fixed span=7d