If your context is Splunk's internal authentication system, then yes. Password changes produce an entry in the _audit index:
index=_audit "action=password change"
Will show you the relevant log entries.
If you are using an external authentication mechanism (AD/LDAP), you will probably need to go to the source. But I am not sure about that one.