Currently, I have FTP set up to drop a file in a folder, and the file is later moved out of that folder to be processed.
The threshold is 1 and there shall not be any file present in the folder older than 15 mins.
How can I monitor the folder to ensure the file does not stay in it for more than 15 mins, and alert if it stays longer than 15 mins?
FYI: running on Windows platform.
I think that it can be realized by shortening the monitoring interval with fschange.
For fschange read the notes in the document.
http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/Monitorchangestoyourfilesystem
How do I check whether the file has been there for more than 15 min?
Should it be done by a script?
Rather than getting the log, you can set the file's presence check and the monitoring interval. So I think that fschange is good.
I think that you can realize the time until deletion by alert for 15 minutes.
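
For the script route asked about above, one way to do the age check on Windows, as an added example that is not from any poster in this thread. The folder path `C:\ftp\inbound` and the output field names (`status`, `age_min`, `stale_count`) are assumptions; run it on a schedule (a scripted input or a scheduled task) and alert on `status=stale` or `status=error`.

```powershell
# Added example: report files that have sat in the FTP drop folder too long.
# Folder path and field names are hypothetical; 15 minutes comes from the question.
param(
    [string]$DropFolder    = 'C:\ftp\inbound',
    [int]   $MaxAgeMinutes = 15
)

function Get-StaleFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][int]$MaxAgeMinutes,
        [datetime]$Now = (Get-Date)
    )
    Get-ChildItem -LiteralPath $Path -File -ErrorAction Stop | ForEach-Object {
        # An upload or copy can keep the original modified time, so take the
        # later of created/modified as the moment the file arrived here.
        $arrived = $_.CreationTime
        if ($_.LastWriteTime -gt $arrived) { $arrived = $_.LastWriteTime }
        $age = [int][math]::Floor(($Now - $arrived).TotalMinutes)
        if ($age -ge $MaxAgeMinutes) {
            [pscustomobject]@{ Name = $_.Name; AgeMinutes = $age; SizeBytes = $_.Length }
        }
    }
}

$now   = Get-Date
$stamp = $now.ToString('yyyy-MM-ddTHH:mm:sszzz')
try {
    $stale = @(Get-StaleFile -Path $DropFolder -MaxAgeMinutes $MaxAgeMinutes -Now $now)
    foreach ($f in $stale) {
        # One key=value event per stale file
        '{0} status=stale folder="{1}" file="{2}" age_min={3} size={4}' -f `
            $stamp, $DropFolder, $f.Name, $f.AgeMinutes, $f.SizeBytes
    }
    # Heartbeat line: shows the check ran even when nothing is stale
    '{0} status=checked folder="{1}" stale_count={2}' -f $stamp, $DropFolder, $stale.Count
}
catch {
    # Missing or unreadable folder is reported instead of looking like "no stale files"
    $msg = $_.Exception.Message -replace '"', "'"
    '{0} status=error folder="{1}" message="{2}"' -f $stamp, $DropFolder, $msg
}
```

The `status=checked` line also lets you alert when the check itself stops reporting, which would otherwise look the same as an empty folder.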