how to record tcp connection change for F5 LTM

You might be able to get this information by polling SNMP stats, but that approach gets complicated very quickly. An alternative might be to apply an iRule to the VIP which logs all of the connections points to /var/log/ltm, like this:

when CLIENT_ACCEPTED {
  set ext_src [IP::remote_addr]:[TCP::remote_port]
  set ext_dst [IP::local_addr]:[TCP::local_port]
}

when SERVER_CONNECTED {
  set int_src [IP::local_addr]:[TCP::local_port]
  set int_dst [IP::remote_addr]:[TCP::remote_port]
  log local0. "$ext_src->$ext_dst->$int_src->$int_dst"
}

From there, you'll need to do your own post-processing of the log entries to calculate the numbers you are interested in. Also if you consider applying this iRule, consider the number of connections the VIP is receiving and the LTM hardware. If the VIP is very, very busy, and you're running a lower-end platform, I suppose it is theoretically possible to degrade the performance of the LTM due to the amount of information being written to disk (i.e. the log file).

such as ,in the given 10 mins,100 tcp connections are created in pool member test1 while 15 are closed

i think table counting may be useful.

v10.1 - The table Command - Counting by Spark