if a folder deletes from Linux or files deleted from a Linux folder, will be there any specific keyword?

see in your events or send any event...

I have done it, how can retrieve this particular change using search query to create an alert ?

how you done it , by using fschange /?
see keywords related to you deletion event and write search :

index=<indexname> "keywords" and then go to save as-> alert

fschange is deprecated. Recommended option is to use each OS's native mechanisms for auditing filesystem activity, like auditd in Linux.

Hi Ayn

I am not seeing fschange is deprecated in latest version 6.2 http://docs.splunk.com/Documentation/Splunk/6.2.0/admin/inputsconf

please correct me If I am wrong...

http://docs.splunk.com/Documentation/Splunk/6.2.0/releasenotes/Deprecatedfeatures

hmmm, usually splunk gives any deprecated features in conf files also, but they have not given in inputs.conf for fschange, they need to change the doc for inputs.conf...

No, "deprecated" does not mean "removed". The functionality is still there, but is due for removal, and the recommendation is to explore other options instead.

yeah i am saying that splunk always mentioned that features is deprecated in conf files doc also but here splunk has not mentioned