Here is the answer I was looking for:
flow record ipv4
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match interface output
collect counter bytes
collect counter packets
flow exporter test
destination x.x.x.x source vlan
transport udp 2055
template data timeout 60
flow monitor flow-monitor
cache timeout active 60
ip flow-export source Vlan
Under the interfaces add:
ip flow monitor flow-monitor input
ip flow monitor flow-monitor output
I have not tested this in several years, but it used to be that you couldn't export NetFlow through a "classic" IPSec tunnel (i.e., one configured with crypto maps on the physical interfaces). You had to use one of the other tunnel types, like an IPSec-encrypted GRE tunnel.
I do not know if this is still the case in more recent code versions.
Another thing to verify is that your export source VLAN is allowed into the tunnel.