Is there a way to pull this data without PKI software implemented? For example, through a log source which might indicate when a certificate is about to expire?
Yes. All certs can be interpreted as a series of properties (expiration is one cert property). Common command line tools can query the certs store/wallet/etc. on a daily schedule, and then send that output to a log source (syslog, windows event log, etc.), where Splunk is already picking up the logs.
1) query for gaps between number of certs expected in a day and number received. If the number is off, either a system isn't reporting in, or it's decommissioned, etc.. Splunk alert on it will help you before it's too late. This will make sure your process doesn't accidentally miss a host that was offline for a while.
2) create Splunk reports/dashboards on cert properties for what you need
Lost still? Here's a couple additional pointers for querying certs. This and a few minutes in a search engine should get you going: