I don't believe Splunk audit logs will audit the changes to that level.
The only way I can think of determining the details would be to compare the lookup file contents by comparing the backup versions.
A log entry should show that a backup was created. You could correlate the backup file version to the change (search for "A backup of the lookup file was created"). However, I'm don't know of a way to access the backup lookup file via a Search.