Interesting problem - my initial thought was that perhaps you had useAck enabled, however you config suggests this is not the case.
with useAck disabled, Splunk writes the data to the network socket and then forgets about it - this (in theory) means that its impossible for Splunk to send duplicate events, unless:
1.) The source data is itself duplicated
2.) Your TCP routing matches more than one route, and it gets routed twice (albeit to the same destination)
Have you looked at the index time for the duplicated data - were they received at the same instant, and by the same server or was there some delta between each copy?
Also, whats the intent of:
Is that a typo? - (You should use the code formatter when including things which look like HTML)
You probably want this set to:
crcSalt = <SOURCE>
If you need it
If my comment helps, please give it a thumbs up!