/apps/app_name?form.field_value=x and form.field_value=y
Please help me to hide the session token values passed
Sadly, that's the way that tokens are passed. If you want to obfuscate the tokens, consider doing some hashing yourself.
Why are you trying to hide the tokens? They'll be visible on the dashboard anyways.
Embed splunk in an iframe...
...or not. Educate your users so they can cope with web-based applications.
i dont want the user to see the token passed in the url 🙂