Try this

.... | eval lastWeek=relative_time(now(), "-7d@d") | where lastConnected>lastWeek | dedup guid

OR, instead of deduping on guid, you could do

.... | eval lastWeek=relative_time(now(), "-7d@d") | where lastConnected>lastWeek | stats <<count and/or other functions>> by guid

Dedup is an expensive operation and should be avoided if possible.