Hello everybody,
I succeeded in configuring my EdgeMax as a bridge, capturing all network traffic and sending it with NetFlow to my monitor, see also
My current setup:
NetFlow packets are captured at my ELK machine: Elasticsearch + Logstash + Kibana.
I see network traffic, but the problem now is that (most of) my packets are captured twice (I sorted on packet size, because this is the easiest way to find doubles):
I have no idea why this is happening. Anybody else with the same problem?
My config of my EdgeMax (related to NetFlow):

    ubnt@ubnt# show system flow-accounting
     ingress-capture pre-dnat
     interface br0
     netflow {
         server 192.168.4.54 {
             port 2055
         }
         version 9
     }
     syslog-facility daemon

Any help is much appreciated!
Kind regards,
Bart
PS
My full config:

    ubnt@ubnt# show
     interfaces {
         bridge br0 {
             address 192.168.4.5/24
             aging 300
             bridged-conntrack disable
             hello-time 2
             max-age 20
             priority 32768
             promiscuous disable
             stp false
         }
         ethernet eth0 {
             bridge-group {
                 bridge br0
             }
             duplex auto
             speed auto
         }
         ethernet eth1 {
             bridge-group {
                 bridge br0
             }
             duplex auto
             speed auto
         }
         ethernet eth2 {
             bridge-group {
                 bridge br0
             }
             duplex auto
             speed auto
         }
         ethernet eth3 {
             bridge-group {
                 bridge br0
             }
             duplex auto
             speed auto
         }
         ethernet eth4 {
             bridge-group {
                 bridge br0
             }
             duplex auto
             speed auto
         }
         loopback lo {
         }
         switch switch0 {
             mtu 1500
         }
     }
     service {
         gui {
             http-port 80
             https-port 443
             older-ciphers enable
         }
         ssh {
             port 22
             protocol-version v2
         }
         ubnt-discover {
             disable
         }
     }
     system {
         flow-accounting {
             ingress-capture pre-dnat
             interface br0
             netflow {
                 server 192.168.4.54 {
                     port 2055
                 }
                 version 9
             }
             syslog-facility daemon
         }
         host-name ubnt
         login {
             user ubnt {
                 authentication {
                     encrypted-password $1$zKNoUbAo$gomzUbYvgyUMcD436Wo66.
                 }
                 level admin
             }
         }
         ntp {
             server 0.ubnt.pool.ntp.org {
             }
             server 1.ubnt.pool.ntp.org {
             }
             server 2.ubnt.pool.ntp.org {
             }
             server 3.ubnt.pool.ntp.org {
             }
         }
         offload {
             hwnat disable
         }
         syslog {
             global {
                 facility all {
                     level notice
                 }
                 facility protocols {
                     level debug
                 }
             }
         }
         time-zone Europe/Brussels
         traffic-analysis {
             dpi enable
             export enable
         }
     }
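
Added example, not part of the original post: instead of sorting on packet size, the check below groups exported flow records on their full flow key and lists which remaining fields differ between the copies. The field names follow the Logstash netflow codec's NetFlow v9 output and are an assumption about the pipeline, and the sample records are constructed.

```python
from collections import defaultdict

# Fields that identify one exported flow record. Names follow the Logstash
# netflow codec's NetFlow v9 output (assumed here; adjust to your index mapping).
KEY_FIELDS = ("ipv4_src_addr", "ipv4_dst_addr", "l4_src_port", "l4_dst_port",
              "protocol", "in_bytes", "in_pkts", "first_switched")


def _flow(src, dst, sport, dport, nbytes, pkts, first, ifindex, seq):
    """Build one constructed sample record."""
    return {"ipv4_src_addr": src, "ipv4_dst_addr": dst, "l4_src_port": sport,
            "l4_dst_port": dport, "protocol": 6, "in_bytes": nbytes,
            "in_pkts": pkts, "first_switched": first, "input_snmp": ifindex,
            "flow_seq_num": seq}


# Constructed sample data, not taken from the post's capture.
SAMPLE_FLOWS = [
    _flow("192.168.4.20", "192.168.4.54", 51514, 443, 1840, 7, "2016-01-10T10:00:01Z", 2, 101),
    _flow("192.168.4.20", "192.168.4.54", 51514, 443, 1840, 7, "2016-01-10T10:00:01Z", 3, 102),
    # Same byte count as above but a different flow: size alone would mislead.
    _flow("192.168.4.31", "192.168.4.1", 40022, 53, 1840, 9, "2016-01-10T10:00:02Z", 4, 103),
    _flow("192.168.4.20", "192.168.4.54", 51520, 443, 620, 4, "2016-01-10T10:00:05Z", 2, 104),
]


def find_duplicates(flows, key_fields=KEY_FIELDS):
    """Group records by flow key and keep only keys seen more than once."""
    groups = defaultdict(list)
    for rec in flows:
        groups[tuple(rec.get(f) for f in key_fields)].append(rec)
    return {key: recs for key, recs in groups.items() if len(recs) > 1}


def differing_fields(copies, key_fields=KEY_FIELDS):
    """Non-key fields whose values differ between copies of one flow."""
    names = set().union(*(c.keys() for c in copies)) - set(key_fields)
    return sorted(n for n in names if len({repr(c.get(n)) for c in copies}) > 1)


def report(flows):
    """One summary row per duplicated flow."""
    return [{"key": key, "copies": len(recs), "differs_in": differing_fields(recs)}
            for key, recs in find_duplicates(flows).items()]


if __name__ == "__main__":
    for row in report(SAMPLE_FLOWS):
        print(row["copies"], "copies of", row["key"], "differ in", row["differs_in"])
```

Copies that differ only in fields such as the input interface index or the exporter's sequence number are separate exports of the same traffic; identical copies point at the collector side instead.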