Hi outcoldman,
You are correct. I'd like to amend something to your answers after my testing. It is not your mistake. It is a Splunk doc issue.
Even in this doc http://dev.splunk.com/view/event-collector/SP-CAAAE8Y#basicauth, it says that "Basic authentication and query string authentications are new features in Splunk 6.4 and above.", basic and query string authentications are not working on Splunk 6.4.3, see the result in my question.
I tested on Splunk 6.5.6 (latest 6.5 version), basic authentication is working here. Query string authentication gave {"text":"Token is required","code":2} error, meaning that it is not supported on 6.5 version.
I tested also on Splunk 6.6.5 (latest 6.6 version), both basic authentication and query string authentication are supported. 6.6.0 is the first version supporting configuration allowQueryStringAuth. Splunk doc says by default, allowQueryStringAuth = false, so result: {"text":"Query string authorization is not enabled","code":16}. After setting it to true, result is {"text":"Success","code":0}. This setting is not visible in the default inputs.conf.
... View more