You need to explicitly enable auditing for the key you want to watch (google windows registry auditing); after that, you will see events in your windows event log (which you will need to forward to your splunk instance). If I am not mistaken, those would be events with the id 4657, so a search could look something like this:
index = wineventlog | 4657
Hi Barty001
which creation ? please let me known