You could win up to $50,000 building Splunk apps in the Splunk>Apptitude contest. Learn more »
Regarding agent vs agentless data / event gatering, WMI (agentless) seems easier to setup from within Splunk to pull in the data from remote Windows servers. So why would someone deploy Splunk as a Forwarder (agent) on their Windows servers to push the data in?
there's also some good info in the official docs here:
Please review this topic in our community wiki for more detail regarding this question.