I created an alert action using the latest version of Add-on Builder (v2.2) using some other Splunk Answers posts as a reference. When testing the alert action in Add-on Builder it works and calls the executable correctly, sending an event to a ticketing system. When I attempt to use the same code as an alert action for a Correlation Search, it fails. Here's the code from modalert_sendevent_helper.py:
# encoding = utf-8
import os
import sys
import time
import datetime
import subprocess


def process_event(helper, *args, **kwargs):
    """
    # IMPORTANT
    # Do not remove the anchor macro:start and macro:end lines.
    # These lines are used to generate sample code. If they are
    # removed, the sample code will not be updated when configurations
    # are updated.
    [sample_code_macro:start]

    # The following example gets the alert action parameters and prints them to the log
    title = helper.get_param("title")
    helper.log_info("title={}".format(title))

    hostname = helper.get_param("hostname")
    helper.log_info("hostname={}".format(hostname))

    severity = helper.get_param("severity")
    helper.log_info("severity={}".format(severity))

    sid = helper.get_param("sid")
    helper.log_info("sid={}".format(sid))

    message = helper.get_param("message")
    helper.log_info("message={}".format(message))

    # The following example adds two sample events ("hello", "world")
    # and writes them to Splunk
    # NOTE: Call helper.writeevents() only once after all events
    # have been added
    helper.addevent("hello", sourcetype="sample_sourcetype")
    helper.addevent("world", sourcetype="sample_sourcetype")
    helper.writeevents(index="summary", host="localhost", source="localhost")

    # The following example gets the events that trigger the alert
    events = helper.get_events()
    for event in events:
        helper.log_info("event={}".format(event))

    # helper.settings is a dict that includes environment configuration
    # Example usage: helper.settings["server_uri"]
    helper.log_info("server_uri={}".format(helper.settings["server_uri"]))
    [sample_code_macro:end]
    """

    helper.log_info("Alert action sendevent started.")

    # TODO: Implement your alert action logic here
    # Remove characters that will break SendEvent syntax
    title = helper.get_param("title").replace('"', '').replace("'", '')
    message = helper.get_param("message").replace('"', '').replace("'", '')
    hostname = helper.get_param("hostname").replace('"', '').replace("'", '')
    severity = helper.get_param("severity").replace('"', '').replace("'", '')
    sid = helper.get_param("sid").replace('"', '').replace("'", '')

    # value2="-m "+"'"+variable+"'"
    # value6="-s "+helper.get_param("severity")

    # TODO: Implement your alert action logic here
    # Each value is one "flag value" pair of the SendEvent command line
    value1 = "send"
    value2 = "-q SplunkES"
    value3 = "-a " + "'" + title + "'"
    value4 = "-n " + "'" + hostname + "'"
    value5 = "-p PROFILE"
    value6 = "-s " + "'" + severity + "'"
    value7 = "-k " + "'" + sid + "'"
    value8 = "-c SERVER"
    value9 = "-m " + "'" + message + "'"

    # os.system() hands the whole string to /bin/sh, which is why the quotes
    # above have to be stripped from the alert fields first
    os.system("/opt/splunk/etc/apps/TA-sendevent/bin/SendEvent %s %s %s %s %s %s %s %s %s"
              % (value1, value2, value3, value4, value5, value6, value7, value8, value9))

    return 0
My alert_actions.conf file is below:
[sendevent]
is_custom = 1
description = Send a ticket
payload_format = json
icon_path = alert_sendevent.png
param._cam = {"task": ["create"], "subject": ["splunk.event"], "category": ["Information Conveyance"], "technology": [{"version": ["1.0"], "product": "Splunk Enterprise", "vendor": "Splunk"}]}
label = SendEvent
param.message =
param.hostname =
param.sid =
param.severity =
param.title =
I can see my successful attempts in Add-on Builder in the Splunk logs (sendmodalert), but I'm not sure what I'm missing outside of test.
Do I need to specify a command parameter in my alert_actions.conf file above (i.e. command = sendalert sendevent.py)?
I've tried several methods of triggering it in the alert_actions.conf file using command option, but none have worked so far.
Any help is much appreciated.
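An added example, not the poster's code or part of the Add-on Builder template: the same SendEvent invocation built as an argument list for subprocess.run instead of a string for os.system, so quotes, semicolons or $(...) in an alert's title or message reach SendEvent as literal text and no characters need stripping. The SendEvent path and flags are taken from the post; the get_param callable stands in for helper.get_param, and SAMPLE_PARAMS is constructed input so the block runs without Splunk or the binary.

```python
import subprocess

# Path from the post. The binary is not present here, so build_sendevent_argv
# only constructs the command line; run_sendevent executes it when asked.
SENDEVENT_BIN = "/opt/splunk/etc/apps/TA-sendevent/bin/SendEvent"


def build_sendevent_argv(get_param):
    """Return the SendEvent command line as an argv list (same flag order as the post).

    get_param mirrors helper.get_param: it returns the alert parameter's string
    value, or None when the field is unset (the poster's .replace() chain would
    raise AttributeError in that case, so None becomes an empty string here).
    Because the list is passed to subprocess.run with shell=False, every element
    is one argument; the shell never tokenises or expands the field values.
    """
    def field(name):
        value = get_param(name)
        return "" if value is None else str(value)

    return [
        SENDEVENT_BIN, "send",
        "-q", "SplunkES",
        "-a", field("title"),
        "-n", field("hostname"),
        "-p", "PROFILE",
        "-s", field("severity"),
        "-k", field("sid"),
        "-c", "SERVER",
        "-m", field("message"),
    ]


def run_sendevent(get_param, runner=subprocess.run):
    """Run SendEvent without a shell and return its exit code.

    runner is injectable (assumption for testing) so the call path can be
    exercised on a host that does not have the TA-sendevent binary.
    """
    argv = build_sendevent_argv(get_param)
    completed = runner(argv, shell=False, check=False, capture_output=True, text=True)
    return completed.returncode


# Constructed sample parameters standing in for helper.get_param values.
# The title and message deliberately contain characters that would have
# broken, or been interpreted by, the shell in the os.system() version.
SAMPLE_PARAMS = {
    "title": 'Disk full on "prod-db1"; $(id)',
    "hostname": "prod-db1",
    "severity": "3",
    "sid": "scheduler__admin__search__RMD5abc123_at_1700000000_1",
    "message": "Alert's message with 'quotes'",
}
```

Inside process_event this reduces to `return run_sendevent(helper.get_param)`; log the exit code with helper.log_info so a non-zero return from SendEvent shows up in sendmodalert.log rather than being silently discarded as it is with os.system.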