I am trying to put together a search that shows all of my vulnerabilities in Qualys for all of my servers that are being scanned. I want to be able to show vulnerability increase or decrease from the scan that runs every week. I have put together the following search that shows me the amount of vulnerabilities that were fixed during the last patching window and scan cycle but I think I am making the end goal way more complicated than it should be. Thanks for any help anyone can provide! index=qualys IP=* STATUS=FIXED | convert mktime(LAST_FIXED_DATETIME) timeformat=%Y-%m-%dT%H:%M:%S%Z | eval lfd=round(relative_time(now(), "-7d@d")) | where LAST_FIXED_DATETIME >= lfd | eval isitfixed=if(STATUS="FIXED","yes","no") | streamstats count(eval(isitfixed="yes")) as Fixed | timechart last(Fixed) AS Fixed span=7d ... View more