Splunk code to find Error description :

index="inputfile" | rex "^(?P<reasoncode>[^\t]*)" | rex max_match=0 "<messageString>(?<reasoncode>[^\\<\"]*)" | eval reason_sub_code=substr(reasoncode,1,7)|stats count by reasoncode   

---------- Results as Expected : Working as EXPECTED-----------

reasoncode      "   count"
DPR-ERR-2070 the service monitorService did not stop within a reasonable amount of time 2
DPR-DPR-1026 Unable to register the dispatcher in Content Manager.  2
DPR-DPR-2002 Unable to find     2

Splunk code to find Error code counts only:

index="inputfile" | rex "^(?P<reasoncode>[^\t]*)" | rex max_match=0 "<messageString>(?<reasoncode>[^\\<\"]*)" | eval reason_sub_code=substr(reasoncode,1,12)|stats count by reason_sub_code     

----Actual Output: NOT Working as EXPECTED--------------

reasoncode      "   count"
DPR-ERR-2070    2       

Expected Output:

reasoncode      "   count"
DPR-ERR-2070    2
DPR-DPR-1026    2
DPR-DPR-2002    2