System and method for SLA violation mitigation via multi-level thresholds

What is claimed is: 1. A method in a cloud infrastructure of multi-level threshold service level agreement (SLA) violation mitigation, the method comprising: generating a model for an engineered feature (eF), wherein the eF is based on collected metrics; determining a first threshold T 1 , a second threshold T 2 , and a maximum threshold Tε for the eF based on the generated model of the eF, wherein the maximum threshold Tε when exceeded indicates that a SLA violation occurred, and wherein the first threshold T 1 and the second threshold T 2 are intermediate thresholds that are smaller than the maximum threshold Tε; estimating at a predetermined frequency a value of the eF based on real-time metrics; responsive to determining that the value of the eF exceeds Tε, adjusting the values of T 1 and T 2 and modifying the predetermined frequency and sending to a cloud orchestrator a message indicating that an SLA violation of type Tε has occurred; responsive to determining that the value of the eF does not exceed Tε, determining whether the value of eF exceeds T 1 ; responsive to determining that the value of eF exceeds T 1 , determining whether a change in rate of eF (eF′) has been positive; responsive to determining that the change in rate of eF has been positive, determining whether the value of eF exceeds T 2 ; responsive to determining that the value of eF exceeds T 2 , determining whether a change in the rate of eF′ (eF″) exceeds a value 1 ; responsive to determining that the value of eF″ exceeds the value 1 , triggering a SLA violation warning of type value 1 ; responsive to determining that the value of eF does not exceed T 2 , determining whether the change in the rate of eF″ exceeds a value 2 ; responsive to determining that the value of eF″ exceeds the value 2 , triggering a SLA violation warning of type value 2 ; determining one or more elements of the eF that triggered the SLA violation warning; and sending to the cloud orchestrator a message indicating the one or more elements. 2. The method of claim 1 , wherein the triggering of a SLA violation warning includes sending to the cloud orchestrator a message indicating that a SLA violation is likely to occur soon. 3. The method of claim 2 , wherein the message further includes the type of the SLA violation warning, and wherein the type of the violation warning is one of the type of value 1 and the type of value 2 . 4. The method of claim 1 , wherein the determining the one or more elements of the eF that triggered the SLA violation warning further comprises: selecting a predetermined number of raw input metrics for the eF that have the highest rate of change; and selecting a set of raw input metrics used to determine the eF that have exceeded their respective rate of change or rate of rate of change thresholds. 5. The method of claim 1 , wherein the determining the one or more elements of the eF that triggered the SLA violation warning further comprises: selecting a cluster from a K-means analysis of SLA violation warnings of the eF that the SLA violation warning belongs to, where the K-means analysis of the SLA violation warning is based on collected raw input metrics and eF values of prior SLA violation warnings for that eF. 6. The method of claim 1 , wherein the estimating the value of the eF comprises determining the value of eF using one of a parallel select machine learning model, a parallel-combine machine learning model, and a sequential machine learning model. 7. The method of claim 1 , wherein the generating the model of the eF comprises: estimating one or more eF values based on historically collected metrics; and creating a model based on the one or more eF values. 8. The method of claim 1 , wherein the determining the T 1 , T 2 , and the Tε further comprise: determining the T 1 , T 2 , and the Tε based on at least one of a set of predetermined values, a domain expert, and analysis of past performance. 9. The method of claim 1 , further comprising: responsive to determining that the value of eF exceeds T 2 , updating a counter value; and responsive to determining that the counter value exceeds a value x, triggering a SLA violation warning of type value x and resetting the counter value. 10. A non-transitory computer readable medium, having stored thereon a computer program, which when executed by a processor performs the following operations: generating a model for an engineered feature (eF), wherein the eF is based on collected metrics; determining a first threshold T 1 , a second threshold T 2 , and a maximum threshold Tε for the eF based on the generated model of the eF, wherein the maximum threshold Tε if exceeded by a value of the eF indicates that a SLA violation occurred, and wherein the first threshold T 1 and the second threshold T 2 are intermediate thresholds that are smaller than the maximum threshold Tε; estimating at a predetermined frequency a value of the eF based on real-time metrics; responsive to determining that the value of the eF exceeds Tε, adjusting the values of T 1 and T 2 and modifying the predetermined frequency and sending to a cloud orchestrator a message indicating that an SLA violation of type Tε has occurred; responsive to determining that the value of the eF does not exceed Tε, determining whether the value of eF exceeds T 1 ; responsive to determining that the value of eF exceeds T 1 , determining whether a change in rate of eF (eF′) has been positive; responsive to determining that the change in rate of eF has been positive, determining whether the value of eF exceeds T 2 ; responsive to determining that the value of eF exceeds T 2 , determining whether a change in the rate of eF′ (eF″) exceeds a value 1 ; responsive to determining that the value of eF″ exceeds the value 1 , triggering a SLA violation warning of type value 1 ; responsive to determining that the value of eF does not exceed T 2 , determining whether the change in the rate of eF″ exceeds a value 2 ; responsive to determining that the value of eF″ exceeds the value 2 , triggering a SLA violation warning of type value 2 ; determining one or more elements of the eF that triggered the SLA violation warning; and sending to the cloud orchestrator a message indicating the one or more elements. 11. The non-transitory computer readable medium claim 10 , wherein the triggering of a SLA violation warning includes sending to the cloud orchestrator a message indicating that a SLA violation is likely to occur soon. 12. The non-transitory computer readable medium of claim 10 , wherein the message further includes the type of the SLA violation warning, and wherein the type of the violation warning is one of the type of value 1 and the type of value 2 . 13. The non-transitory computer readable medium of claim 10 , wherein the determining the one or more elements of the eF that triggered the SLA violation warning further comprises: selecting a predetermined number of raw input metrics for the eF that have the highest rate of change; and selecting a set of raw input metrics used to determine the eF that have exceeded their respective rate of change or rate of rate of change thresholds. 14. The non-transitory computer readable medium of claim 10 , wherein the determining the one or more elements of the eF that triggered the SLA violation warning further comprises: selecting a cluster from a K-means analysis of SLA violations warnings of the eF that the SLA violation warning belongs to, where the K-means analysis of the SLA violation warning is based on collected raw input metrics and eF values of prior SLA violation warnings for that