I don't just want the specific CA-x label, I also want to be able to see the next update information and everything else from the log file. I need to be able to create a report of all active CA's, and an alert for when a CA is being revoked. All of the information listed for CA-49, which is shown in the original post, I have to see for every single CA I am using (around 20 CA's total), but CA-41, CA-42, CA-43, and CA-44 almost never show that information despite being identical in the actual log file (outside of the CA-x label). And like I said in the original post, if I clean the event data for crl, it'll display everything for all CA's like I need, but that requires, all through the command line, splunk to be stopped, the crl index to be cleaned of the eventdata, and splunk to be started. That is not a solution that will work for my needs.
... View more