I'm new to writing apps for Splunk, so I'm trying something simple. A raw payload dump. I have the alert set to log the event and fire off my custom action when CPU usage >20%, and only once every 15 minutes. So i have a reliable trigger source. However, it never seems to launch my action and I can't for the life of me figure out why. I'm trying to get the code to write a line to one file when it launches, write debug to another, and write both json and raw to separate files so I can decide on parsing later. Any thoughts on what I'm doing wrong here?? I'm not even getting the line in the file to let me know it tried to run.

alert_actions.conf:

[NCPAServiceAlert]
is_custom = 1
label = NCPA Service Alert
description = Test Alert for NCPA Listener Service
icon_path = awesomesauce.PNG
payload_format = json
python.version = python3

NCPAServiceAlert.py:

import json
import sys
import logging
import time
import datetime

ts = time.time()
sttime = datetime.datetime.fromtimestamp(ts).strftime('%Y%m%d_%H:%M:%S - ')

didirun = "C:/Users/Public/debug/Did_I_Run.txt"
with open(didirun, "w+") as d:
d.write(sttime + " I ran. Can't say much about the rest though." + \n)

logging.basicConfig(filename='C:/Users/Public/debug/debug.txt', filemode='w' encoding='utf-8', level=logging.DEBUG)

class NCPAServiceAlert:
def __init__(self):
logging.debug()
self.params = [
#"configuration"
#"text"
]

def send_alert
logging.debug()
filejson = "C:/Users/Public/debug/alertdump.txt"
with open(filejson, "w+") as f:
payload = json.loads(sys.stdin.read())
f.write(payload)
fileraw = "C:/Users/Public/debug/generic_dump.txt"
with open(fileraw, "w+") as g:
payload = sys.stdin.read()
g.write(payload)

if __name__ == "__main__":
logging.debug()
if len(sys.argv) < 2 or sys.argv[1] != "--execute":
sys.stderr.write(FATAL EXCEPTION (expected --execute flag)\n)
sys.exit(1)
if not send_alert()
sys.exit(2)

except Exception as e:
sys.stderr.write(ERROR - Unexpected error %s\n % e)
sys.exit(3)