I have a script that pulls wtmp information and saves it to ASCII files but Splunk still insists that my files are binary. In fact, any files I now put in the directory are now considered binary files and cannot be indexed! My config
disabled = false
sourcetype = wtmp
The issue here is the wtmp sourcetype you have defined in the inputs.conf. Splunk will reject the wtmp sourcetype and consider the files binary. Changing the sourcetype to wtmp_log or wtmplogs will solve the issue and allow indexing of files within this directory.
If I recall correctly it was done in python calling the "last" command using subprocess.
See this article for some basic uses for "last".