Splunk supports the asterisk (*) wildcard for searching. Searching for * by itself means "match all" and returns all events. Searching for * as part of a word matches based on that word: for example fail* matches fail, failure, and failures. See also:
I am not sure which changes you try to identify, but you can use fschange to detect chages in files.
Hope that answers your question?